world, and not just outside the
gruntled employees are a security problem, too. To help you out, we've compiled the hottest tips on topics such as identity management, insider abuse and instant messaging. Stories begin on page 23.

Is your company secure? Take our quiz to find out:


QuickLink a3430 
www.computerworld.com 




JULY 14, 2003 • VOL. 37 • NO. 28 • $5/COPY


id-Reporting Mandate 
Adds Compliance Woes 


Companies need systems overhauls to meet ‘material events’ requirement


operations. 


THOMAS HOFFMAN 
Most companies that have taken steps to comply with the Sarbanes-Oxley Act have focused their energies on Section 404, a provision that requires businesses to document their financial-reporting controls and procedures.

But most managers have yet to tackle a potentially more onerous requirement: Section 409, which calls for companies to deliver timely reports to investors and other stakeholders on any “material


What You Should 


• Set up systems to automatically notify all key constituents, including senior executives, board members and investor-relations managers, of material events.

• For IT projects in particular, make sure your project management and accounting processes are intertwined so cost overruns can be quickly identified.

• Work with the finance and audit departments to develop a framework for financial reporting and documentation procedures.


Feds Ponder Future 


Despite settlement, 
carrier could lose 


government contracts 


DAN VERTON 
WorldCom Inc. may have overcome its problems with the Securities and Exchange Commission, but its political battles on Capitol Hill and throughout the halls of government are just beginning.

A U.S. District Court last week approved the SEC’s amended proposed settlement with the telecommunications carrier, which is now doing business under its MCI brand. The settlement allows a civil penalty of $2.25 billion to be satisfied by a much smaller payment to shareholders and bondholders of $500 million


from Chapter protection. But a key issue that hasn’t been resolved is whether
barred from holding government contracts. The Senate Judiciary Committee tomorrow will hold a hearing on the issue as part of a broader investigation into the ramifications
bankruptcy.
has enough votes on the House Appropriations Committee to block an effort being pushed by rivals AT&T Corp. and Verizon Communications that would bar any extension of MCI government contracts
MCI Contracts, page 


events” that could affect the companies’ finances or busi-

That mandate, which the Securities and Exchange Commission is expected to start enforcing in 2005, could leave businesses with no choice but to make sweeping changes to their infrastructures in order to provide automated reporting capabilities that function at close-to-real-time speeds, CIOs and analysts said last week.

“There’s a huge data and information infrastructure issue there that has to be tuned to respond to events, and most companies don’t have these capabilities in place,” said John Hagerty, an analyst

Sarbanes, page 


Businesses 
See 
Potential Lure 


Restaurants, hotels
wooing customers
with wireless access


BOB BREWIN
As public-access Wi-Fi “hot spots” percolate out of coffee shops and into the wider world of hotels, fast-food chains and other locations, many companies are starting to view the wireless technology as an essential amenity for attracting customers.

But it’s still unclear how much businesses can charge customers to use the

cash and $250 million in common stock upon emergence


88-3 Wi-Fi, page 
ConocoPhillips’ Bobby Gillham (left) and other experts offer suggestions.

Thwart Insider Abuse. Hackers get the media attention, but security pros know that the biggest threat comes from within. Here are recommendations to guard against insider abuse.

Tips From Security Pros
risky world out there. providing scores of tips from security pros to help you protect your corporate assets.
PACKAGE BEGINS PAGE 23.


PeopleSoft customers are concerned about being forced to move to Oracle’s database.

IBM lures Sun users by expanding its WebSphere offerings for Linux.

Protect Privacy, Step by Step. State, federal and international laws are making data privacy management a hot issue. Here are some tips for managing privacy policy.

EMC goes after the backup and recovery software market with its planned purchase of Legato Systems.

Plug Security Gaps. With million business users, instant messaging is the security problem you can’t ignore. ONLINE: Companies share more of their tips for locking down instant messaging. QuickLink 39700

IBM and Microsoft release a Web services spec for exchanging user identity information across disparate systems.

The Story So Far. A quick tour through the history of security, including computer viruses, antivirus software and government efforts to deal with virus outbreaks.

Users benefit big software vendors warn that upcoming quarterly financial results will be grim.


Know Thy Users. With the proper identity management system, you can save money, make users happy and improve security. Users like Ann Garrett (left), chief information security officer for the state of North Carolina, offer strategies for making the right choices.

Careers: Security experts like Jim Wade (right) of KeyCorp say information security specialists have it a little better than other pros in today’s job market

will push security and on-demand computing at its annual user conference this week.


computers rarely have sanitized hard drives, and spyware is lurking on your PC. These items are among the tidbits in this month’s collection.

Microsoft’s antitrust settlement is still drawing criticism after yielding few licensing deals.

Opinion: Common names can create false positives in databases. In our post-9/11 world, that makes columnist Mark Hall a little nervous.

OPINIONS

Mark Hall
Maryfran Johnson
David Moschella
Letters
Frank Hayes

QuickStudy: A buffer overflow is the equivalent of pouring a gallon of water into a pint-size pot. Those excess data bits can overwrite and destroy information.

Evaluate Outsourcing Partners. The rules of outsourcing still apply when working with managed security service providers. But specific safeguards will help ensure the quality of security coverage.

The Next Chapter: We asked experts to identify future security risks. They warned about stolen fingerprint scans, Web services, “digital dimwits” and lightning-fast Internet attacks.

Strengthen Security During Mergers. With merger and acquisition activity on the rise, managers need to know how to protect their company’s assets and bolster security in the combined business.

DEPARTMENTS/RESOURCES 

Deadline Briefs 

News Briefs 


How to Contact CW 
Shark Tank 
Thwarting Attacks on Apache Servers. In this book excerpt, a hacker explains how intruders can gain access to your system and what you can do to stop them. QuickLink 39583

Social Engineering: A Matter of Trust. Securing a network isn’t just the job of the “tech people,” says columnist Douglas Schweitzer. QuickLink 39213

Tips for Securing Windows. Patches, service packs, hot fixes and quick fixes: when should you install them, and when might they make things worse? Spirian’s CTO offers advice. QuickLink 39506

Inside a Hacker’s Toolbox. Hackers have access to knowledge about 802.11; wouldn’t you like to know what they know? AirDefense Inc.’s Brian Moran takes a tour of a hacker’s toolbox. QuickLink 39753

Password Secrets. Writing passwords in creative ways can make them easy to remember but difficult for anyone else to guess, writes columnist Peter Gregory. QuickLink 39127
Sun Confirms Unix
Deal With SCO...

Sun Microsystems Inc. confirmed that it has signed an expanded Unix technology licensing deal with The SCO Group Inc., which earlier this year filed suit against IBM for allegedly incorporating patented Unix code into Linux. Sun and Lindon, Utah-based SCO finalized the wider agreement in February, but SCO kept Sun’s identity secret until last week.


And Offers
Migration Program

In other Sun news, the company said it plans to announce next week a server migration program aimed at users of Packard Co.’s Tru64 Unix operating system. The Away offering will include discounts aimed at enticing users running Tru64 Unix on Alpha-based servers to switch to Sun systems. Sun already has a similar program, called Blue Away, for IBM mainframe users.


Peregrine Creditors
Agree to Revamp

Peregrine Systems Inc., a San Diego-based vendor of asset management software, said it has reached agreement with its creditors and shareholders on a financial reorganization plan. Peregrine, which had to amend its original plan after some creditors balked at the provisions, now hopes to emerge from Chapter bankruptcy next month.


Oracle Readying
Database Upgrade

Oracle Corp. said it’s beta-testing a database upgrade and plans to announce the software in September at its OracleWorld conference in San Francisco. The new version, which is being referred to as Oracle10i for now, will include new database management features, expanded clustering capabilities and added support for XML and Web services.


PeopleSoft Users Fear
Forced Database Move


Doubts linger, despite Oracle’s promise that it won’t require use of its software


MARC SONGINI
SOME PEOPLESOFT users last week said they fear that in addition to putting their business application investments at risk, Oracle Corp.’s $6.3 billion bid to buy PeopleSoft Inc. could force them to migrate to Oracle’s database.

Oracle supports its own E-Business Suite applications only on its namesake databases. But an Oracle spokeswoman said that the company wouldn’t force PeopleSoft users who rely on rival databases such as DB2 or SQL Server to switch technologies and that all existing PeopleSoft applications would be supported for at least years.

Nevertheless, several customers of Pleasanton, Calif.-based PeopleSoft and Denver-based J.D. Edwards & Co., which PeopleSoft is expected to acquire under a deal announced last month, said they’re worried that they will have to rip out IBM or Microsoft Corp. databases if Oracle’s takeover bid succeeds.

have not been reassured 
[Oracle],” said Ben Wilson, 
head services for the 
government Napa County 
California. con- 
vinced they want switch 
the Oracle database the 
future, and that would 
expensive proposition us.” 


Costly Migrations

Napa County now uses Microsoft’s SQL Server 2000 database to support its PeopleSoft-based ERP system. Wilson said he plans to stick with the applications beyond the current version, PeopleSoft
Being forced to move to an Oracle database would cost the county tens of thousands of dollars more for software licenses than it spends now and would require that its database administrators be retrained, he said.

“We are most concerned about possibly being forced to the Oracle database,” said Bill Monroe, chief operating officer at the Texas Education Agency in Austin, which runs PeopleSoft applications that are supported by Microsoft and Sybase Inc. databases. A changeover would be disruptive and expensive, he said.

Oracle’s promise to let users keep their current databases appears to contradict the position the company took when it announced its takeover bid in early June, said Peg Nicholson, president of the PeopleSoft International Customer Advisory Board and CIO at Acushnet Co., a maker of golf equipment in Fairhaven, Mass.

But if Oracle were to force a migration, “a ton of work” would be needed to convert Acushnet’s data from SQL Server to Oracle database format and retrain its staff, Nicholson said. “We have far better things to do with our time and money on projects which will bring a business return on our investment,” she added. “This will bring nothing but aggravation and expense.”

Having to change databases “would be unacceptable to most customers,” said Joshua Greenbaum, an analyst at Enterprise Applications Consulting in Daly City, Calif. “No one should be forced into anything, and I doubt Oracle would be foolish enough to try.”


VIEW 


Oracle's CEO says he'll continue his efforts 
to buy PeopleSoft into next year if need be: 
IBM Expands Linux Support for WebSphere


Company uses scalability as bait to lure Sun defectors


CAROL SLIWA
IBM announced last week that its WebSphere Application Server for the first time will run on Linux on its pSeries and iSeries hardware with its Power4 microprocessor.

WebSphere already ran on IBM’s Linux-based xSeries servers with Intel Corp. processors at the low end and on its zSeries mainframe at the high end. Now it will also be supported on Linux-based midrange servers that traditionally have run the Unix operating system, said Bob Sutor, director of WebSphere infrastructure software at IBM. “IBM continues its commitment to Linux on our strategic hardware,” he said, “and we’re continuing to put our commitment to our strategic software as well.”

Sutor noted that Microsoft Windows servers run only on Intel processors and added that Sun Microsystems Inc. “has relegated Linux to the lowest end,” supporting the open-source Unix derivative on Intel-based servers rather than its Sparc processors.

WebSphere 5.02 for Linux/Power4-based pSeries and iSeries servers
WebSphere Application Server: per processor; Tomorrow
WebSphere Application Server Network Deployment: $15,000 per processor; Tomorrow
WebSphere Application Server Enterprise: $30,000 per processor; July

“In the Sun Sparc environment, you can only go so far with Linux before Sun shifts you over to Solaris,” said Dwight Davis, an analyst at Summit Strategies Inc. in Boston. “So this is in large part an attack on Sun, trying to draw people from the Sun platform to the IBM platform by offering them a more scalable growth path with Linux as the foundation.”

Davis said most users will base their decisions on the whole IBM offering and an assessment of WebSphere. He said developers don’t write to Linux directly, but rather to the J2EE platform, which, in IBM’s case, is WebSphere.

“Obviously, people care about the underlying hardware and the performance profile of the microprocessors,” Davis said. “But I don’t think many people are making decisions based solely on whether it’s chip, an Itanium chip or a Power chip. They’re really looking at the entire package.”


Its tender offer for PeopleSoft’s stock has been extended
PeopleSoft’s 316.6 million shares.
been tendered to Oracle.
The Justice Department is expected to announce whether
satisfied that there are
IBM Takes Aim at Automating Privacy Enforcement


New language goes beyond compliance


JAIKUMAR VIJAYAN
A new programming language announced by IBM last week promises to help companies automate the enforcement of corporate privacy policies.

IBM’s XML-based Enterprise Privacy Authorization Language (EPAL) can be used to build privacy-related rules and conditions, said Steve Adler, an IBM marketing manager. For instance, privacy policies could be written and attached to each record in a customer database. The policies then travel wherever the data goes and can be used to control the manner in which the data is accessed and used.

EPAL builds on the World Wide Web Consortium’s Platform for Privacy Preferences Protocol (P3P), Adler said. P3P allows privacy preferences that are expressed in plain text to be turned into digital machine-readable code. It’s used widely by browsers to accept or block a Web site’s request for information based on a user’s privacy preferences.


P3P Comparison 

But P3P doesn’t allow developers to set conditions or give them a way to express negative rules telling what a user can’t do, for instance, he said. In contrast, “EPAL provides this positive and negative language that allows you to articulate what people are allowed or not allowed to do with data,” he said.

“It’s much more robust than P3P because it gives you a way to prevent data from being used in a [noncompliant] manner,” said Larry Ponemon, director of the Ponemon Institute, a privacy think tank based in Tucson, Ariz.

“EPAL allows companies to use a language that not only can describe activity but also help enforce that activity,” said Scott Shipman, privacy counsel at eBay Inc. “To date, no language has supported that second component.”


EBay is a member of IBM’s Privacy Management Advisory Council, which has evaluated the new language. The 25-member group also includes companies such as Marriott International Inc. and Fidelity Investments.

It’s too early to say whether companies will need to make changes to their existing applications to take advantage of an EPAL environment, Shipman said. That will become clearer only as more tools become available for EPAL, he noted.

IBM’s own approach has been to use what it calls “monitors” for linking new and existing applications to its Tivoli privacy management software. The approach allows developers to build privacy rules and audit reporting into applications without having to hard-code changes.

EPAL will allow companies to set and enforce far more specific rules related to the manner in which data is accessed and shared, said Fred Cohen, an analyst at Burton Group in Midvale, Utah.

The downside is that the more rules a company builds around its data with EPAL, the more complex the environment is likely to get, he added.

“It’s one thing to have a system with five or six rules. But to express something like HIPAA compliance may take thousands of rules,” Cohen said, referring to the Health Insurance Portability and Accountability Act. “There are all sorts of things that could go wrong.”

IBM’s EPAL announcement builds on the company’s emerging privacy management initiative. Since last fall, IBM has been selling a P3P-based technology called Tivoli Privacy Manager that’s aimed at helping companies comply with privacy rules. The technology allows companies to take a written privacy policy and convert it into digital form, deploy the policy to specific systems and applications, and then monitor access to data in accordance with the policy. EPAL is the language through which automatic enforcement can take place.


EMC to Buy Legato as Part of
Storage Software Push


Its latest acquisition continues plan to diversify revenue


LUCAS MEARIAN
EMC Corp. last week announced a planned acquisition of storage software vendor Legato Systems Inc. that’s intended to boost its presence in the data backup market and help it offer an integrated set of tools for managing the entire life cycle of information. EMC CEO Joe Tucci said the addition of Mountain View, Calif.-based Legato through a stock-swap deal valued at $1.3 billion will push EMC closer to his goal of getting 30% of its revenue from software sales. Storage management software currently accounts for 23% of EMC’s business, which is still dominated by its disk arrays.


SEPTEMBER 2002: EMC acquires Prisa Networks Inc., a San Diego-based vendor of software for small and midsize storage-area networks.

APRIL 2003: The company buys Astrum Software, a Boston-based developer of storage resource management software for midrange applications.

JULY 2003: EMC purchases the rights to BMC’s Patrol Storage Manager, which monitors and reports on usage of storage systems.

But EMC will have to reassure Legato users like David Scott, a systems administrator at Butler Machinery Co. in Fargo, N.D. Scott uses three of Legato’s backup products and said he’s concerned that support for those applications may diminish after the buyout.

always worried about support,” Scott said. “When you have [product] issues, you want to be up and running as quick as possible.”

Jamie Gruener, an analyst at The Yankee Group in Boston, said the planned acquisition will also put Legato at risk of losing its hardware neutrality. But, he added, EMC users stand to benefit from having a broader suite of storage management software sold and supported by the company.

That may not be enough to convince Visa International Inc. to adopt EMC’s backup software, even though the Foster City, credit card company has many EMC disk arrays in its storage-area network.

Scott Thompson, executive vice president of Visa’s technology group, said he isn’t likely to move away from Veritas Software Corp.’s NetBackup tool in the foreseeable future because he trusts the market-leading technology.

The Legato deal is due to be completed in the fourth quarter. Tucci said Legato will become a division of Hopkinton, Mass.-based EMC and will continue
Wright, Legato’s chairman and CEO. However, its developers will move to EMC’s open-software development division.

Legato shares many customers and channel partners with EMC, Wright said. “We suffer from one thing, and that’s lack of resources,” he said, adding that Legato hasn’t been able to push sales to a higher level on its own. The company has been in the red for straight quarters, and it lost $2.6 million on revenue of $74 million in this year’s first quarter.

The Legato deal was announced just one week after EMC said it had bought Houston-based BMC Software’s discontinued Patrol Storage Manager technology. Legato will become the 10th storage software vendor that EMC has acquired outright since 2000 as part of its strategy to reduce its reliance on hardware sales.

Tucci said he would outline plans to integrate EMC’s own backup and recovery software, EMC Data Manager (EDM), with Legato’s flagship NetWorker product at a briefing scheduled for Aug. in New York. Current EDM users will receive a free upgrade to the integrated product, he said.


SAN PLAN

Sun Microsystems last week announced a strategy for managing multivendor SANs but was short on details:

QuickLink 39807

EMC held the market for backup and recovery software last year, while Legato had an 8.1% share, according to Gartner Inc. in Stamford, Conn. Veritas was by far the top vendor, with a 47% market share, followed by IBM’s Tivoli Software unit at 16.6%.

Legato will add about 1,500 employees to EMC’s workforce of 17,200. Tucci said there would be some consolidation moves, but he added that the deal “made broken the cost side.”


[Figure: labels include Privacy Management, Reference Monitor, Tivoli Privacy Manager and application]
Microsoft Revamps
Stock Awards Plan


Microsoft Corp. said a “significant portion” of the stock-based compensation awarded to more than 600 of its top managers will now be based on improvements in customer-satisfaction rates as well as growth in the company’s user base. The new approach is part of a plan under which Microsoft will give employees actual shares of its stock instead of stock options.


Patches Issued for
New Windows Hole


In other Microsoft news, the company issued patches for a security hole that affects all supported versions of Windows and could be used by attackers to run malicious code on unprotected systems. The problem involves a buffer-overrun vulnerability in an HTML converter component built into Windows. Microsoft gave the flaw a “critical” severity rating on all releases except for Windows Server 2003.


Offers 
Security Service 


Dell Computer Corp. announced an optional service under which it will implement security benchmarks developed by the Bethesda, Md.-based Center for Internet Security on the PCs it sells.
will activate more than security settings in Windows 2000 for users who sign up. A similar offering will be added for Windows later this year, the company said.


Short Takes 


ORACLE CORP. said it plans to more than double the number of software developers and customer service workers it has in India, to 6,000-plus employees. New York-based INFORMATION BUILDERS INC. released a mainframe Linux version of its WebFocus business-intelligence software.


NEWS 


MARK HALL THE MARK 


Open-Source 
Doom for Oracle, 


Sybase and other general-purpose databases, predicts Tim
“MySQL might do to databases what Apache did for Web serving,” says the president of technical book publisher and conference organizer O’Reilly Associates Inc. in Sebastopol, Calif. Apache, he claims, has forced Microsoft Corp. to make its IIS Web server software “effectively free bundles.” David Axmark, co-founder and “open sorcerer” at Uppsala, Sweden-based MySQL AB, the developers of the open-source database, cautions that you won’t see Larry Ellison approving free deals for Oracle9i in the near future, if ever. Still, he says, “MySQL has already forced prices down databases.” And the price pressure will pick up steam with the release of MySQL Enterprise in two years. MySQL gets another small boost next month when Pogo Linux Inc., a supplier of preconfigured Linux servers and workstations, ships its first database appliance, the DataWare 2600, at LinuxWorld in San Francisco. The Redmond, Wash.-based company is MySQL’s first hardware partner, and it’s just a start-up. Still, the relentless open-source drumbeat pounding the heads operating system
heard the database giants, too. One of the more intriguing new products encounter this summer
from Procom Technology Inc. in Irvine, Calif. William Long, vice president of product planning and development, assures

IBM Shifts Life-Cycle Management Focus


everyone that the product, called Taurus, is neither a Ford nor an astrological sign, but rather a “bridge product” for wireless networks and network-attached storage. You probably didn’t even know that bridge needed crossing, but the Taurus, which is being unveiled today, serves as both a wireless access point and a data storage appliance. The Linux-based device offers a 600-ft. line-of-sight access range from clients and has a simple LCD display for setup and troubleshooting. Long claims that the small device (about the size of the latest Harry Potter novel) will start cropping up in public wireless hot spots because it’s easy to install and inexpensive. And since it has 250GB of local storage, it lets users publish gobs of information on the Web. A 40GB unit starts at $1,699. Still have some pesky Macintoshes in your company? Well, starting tomorrow, you can back them up with Retrospect 5.1 for the Macintosh from Dantz Development Corp. in Orinda, Calif. The upgrade adds Red Hat Linux client support (it already supported Windows clients) and disaster recovery that lets you boot dead-in-the-water Macs and recover your data using a single disc. Web services can clog your network with extra overhead, so you need to test those applications stringently, advises CIO Michael Stoeckert at EPL Inc., a Birmingham, Ala.-based services firm for banks and credit unions. He says EPL has a new application for processing check orders its customers place with check printers, a service it couldn’t offer until the advent of XML, SOAP and other Web services protocols. Stoeckert uses LoadRunner, a network test tool from Mercury Interactive Corp. in Sunnyvale, Calif. He also runs Mercury’s SiteScope to track the services-based application as its packets trek to and fro because “latency can be a problem” when you are dealing with machines outside your own data center. Stoeckert isn’t overly concerned about security for the application because “it was not architected as a Web service for a B2C model.
the B2B world.” much safer place.
A B2B operation of a different sort is being run by Geekcorps, a North Adams, Mass.-based volunteer organization that seeks technology experts who are willing to help businesses in developing countries design, deploy and run information technologies. So far, more than 1,500 volunteers have contributed their know-how in places like Bulgaria, Ghana, Jordan and Mongolia. The usual stint takes three to four months. Geekcorps staffers say many pros sign up while between jobs. So, while you’re waiting for the recession to end and work to begin, you can give a little back to the planet.

Cool Security


JAIKUMAR
IBM will launch by year’s end bundled Express versions of its product life-cycle management (PLM) software as part of a recently announced campaign targeting small and midsize manufacturing companies.

Under the first phase of the initiative, IBM will attempt to sell PLM software that’s tuned for deployment at companies that manufacture industrial machinery and components, mobile equipment and consumer goods. PLM tools are designed to improve manufacturing efficiency, product quality and time to market.

IBM’s effort addresses an important need, according to Miller, president of CIMdata Inc., a consultancy in Ann Arbor, Mich.

you look at the PLM market, the majority of investments has traditionally come from major companies,” Miller said. “But what we are finding over the last couple of years is increasing interest from small to midsize organizations” that want to take advantage of the potential benefits of PLM.

Jomico Metal Fabricators, a sheet metal shop in St. Louis, is considering implementing a document management capability for its CATIA engineering software from IBM. The company is a supplier to the likes of Lockheed Martin Corp. and The Boeing Co. and is under pressure to streamline the process for managing its engineering documents.

lot of our customers are
and they like to see their vendors in compliance as well,” said Dave Henson, CAD/CAM systems manager at Jomico. But until now, Jomico couldn’t afford to implement a PLM capability. The hope is that IBM’s PLM Express initiative will change that, Henson said.

The idea is to take some of the complexity and cost out of PLM deployments, especially for smaller companies where both issues are critical to technology adoption, said Debbie Walker, a product manager with IBM’s PLM group.


Unisys Tunes JVM for ES7000 


NEWS 


Provides Unix alternative by enabling Java applications to run on Datacenter


CAROL SLIWA
UNISYS CORP. today is making available a Java virtual machine (JVM) that it has specially tuned for its 32-processor ES7000 system running Microsoft Corp.’s high-end Windows Datacenter server operating system.

The Blue Bell, Pa.-based company claims that its new JVM, which will enable Java applications to run on Windows on the Intel-based processors, will provide an alternative to Unix for independent software vendors and enterprise customers who need high-end, enterprise-class performance with Java.

But it’s unclear how much appeal the JVM will hold for existing ES7000 customers, many of whom are devoted Microsoft users.

“We are currently committed to Microsoft development, so the use of Java isn’t currently entertained here,” said Morris Koeneke, database services manager at Addison, Texas-based Mary Kay Inc., which has several ES7000s.

Bob Crownhart, a director at Premera Blue Cross in Mountlake Terrace, Wash., said the health insurer doesn’t run Java applications on its ES7000 or have any plans to do so. But he added that he has no problem with Unisys developing a JVM for the ES7000, as long as it’s an optional element.

Crownhart said he doesn’t like to see Unisys depart from Microsoft’s direction and would have concerns if Unisys shipped the JVM with the ES7000 and it affected the service packs or maintenance releases that Unisys ships.

Group Led

“In those service packs, have to look for any patches or hot fixes that specialized [JVM], because you know they’re not going to code it right the first time,” Crownhart said. A “customized piece,” such as the Unisys JVM, might “thwart uniformity,” he added.


Gauging User Interest

Walt Lapinsky, director of strategic software at Unisys, said the new JVM can
said the company will consider shipping it with the ES7000 if interest is high.

The Unisys JVM has been available in beta format for roughly a year, and a few customers and independent software vendors have used it, Lapinsky said. Unisys declined to provide the names of any beta testers.

Lapinsky said customers that are trying to consolidate servers for ease of management are unable to do so with their Java applications on the
Windows Datacenter environ- 
ment, Unisys saw need 
provide way that. 

John Meyer, analyst 
Cambridge, Mass.-based For- 
rester Research Inc., said 
made sense for Unisys be- 




gin supporting Java pro- 
actively does Microsoft, 
since Java Unix has been 
the more credible platform for 
large-scale, back-office appli- 
cations the past two years. 

Meyer said thinks the 
trend will continue toward 
Intel-based systems hosting 
what Unix systems have tradi- 
tionally been known for. Win- 
dows can viable operating 
system for deploying applica- 
tions that need significant 
scalability, and users can 
lower cost than with Unix 
systems, said. 

But Meyer said Unisys will 
need get application server 
vendors support its 
order have viable offer- 
ing. “Unless the other vendors 
support it, the uptake the 
use for J2EE the Uni- 
sys platform will probably 
much less than what has the 
potential for being,” said. 

far, there has been in- 
dication whether IBM and 
BEA Systems Inc., the leading 
Java application server ven- 
dors, will provide support. 


Microsoft 


Releases User Identity Spec 


Must converge with 
user-backed Liberty 
work 


CAROL SLIWA AND 
TOMMY PETERSON 

The fifth seven parts Web services security plan drawn months ago IBM and Microsoft Corp. emerged last week. But will have reconciled with work already done the user-backed Liberty Alliance Project.

The newest specification, called Web Services Federation (WS-Federation), describes how exchange user identity information among systems that rely different security models. VeriSign Inc., BEA Systems Inc. and RSA Security Inc. helped IBM and Microsoft draft the specification, which will now be subject public review period undetermined duration.

Even though the 170-member-plus Liberty Alliance has focused federated identity, the smaller group led IBM and Microsoft said its efforts stand conflict. The Liberty Alliance’s membership extends beyond technology vendors companies such American Express Co., Bank of America Corp., General Motors Corp. and UAL Corp.

anxious work with them find way for them take advantage this key infrastructure,” said Karla Norsworthy, director dynamic e-business technologies IBM.

Steven VanRoekel, director Web services marketing Microsoft, said the technology introduced WS-Federation “very complementary” the Liberty Alliance’s work. said Liberty targeted the specific scenario consumers opting allow their information shared among corporations service providers, whereas WS-Federation addresses the broader issue federating multiple identity systems one another.

Web Services Federation Language: Defines how different security systems broker identities, attributes and among Web services.

Requestor Profile: Describes how federation mechanisms can used passive clients, such Web browsers Web-enabled cell phones, provide identity services

Active Requestor Profile: Defines how federation mechanisms can used active clients, such Web services and smart clients.

“Right now, specs are underspecified, and Liberty specs are overspecified. would obviously help people would get room and talk about it, but don’t know how soon that will happen,” said Bob Blakley, chief scientist for security and privacy IBM’s Tivoli Software division. also worked the Security Assertion Markup Language standard that key the Liberty Alliance’s work.

For its part, the Liberty Alliance welcomed the focus federated identity and pledged look the WS-Federation specification once goes open-standards body.

“Convergence the two standards would benefit everyone, rather than having holy war,” said Slava Kavsan, vice president engineering RSA Security, which member Liberty Alliance and has also worked with the IBM/Microsoft group.

Eric Norlin, vice president strategic marketing Ping Identity Corp., Liberty Alliance member Denver, not- that convergence wouldn’t unprecedented. said the Liberty Alliance moved quick- adopt relevant parts the WS-Security specification once IBM, Microsoft and VeriSign turned over the Organization for the Advancement Structured Information Standards (OASIS).

The authors WS-Federation pledged submit the specification standards body. decision has been made about which one, but Norsworthy said OASIS “very likely candidate.”

WS-Security, the first the road map specifications published, went OASIS September. WS-Policy, WS-Trust and WS-SecureConversation, which were published December, are still the review stage and have yet submitted




Software Market Hit 
Purchasing Delays 


While vendors’ financials fall short, 
users benefit from tough sales climate 


STACY COWLEY 
ITING PURCHASING 
delays stemming 
from the troubled 
economy, quite few 
software vendors 
are already warning 
that the numbers 
will grim when 
they release their financial re- 
sults later this month for the 
quarter that ended June 30. 
While PeopleSoft Inc. 
Pleasanton, Calif., unexpect- 
edly lived earlier fore- 
casts despite pressure from 
Oracle hostile takeover 
bid, fellow enterprise applica- 
tions maker Siebel Systems 
Inc. San Mateo, 
warned for the second quarter 
row that will miss its 
earlier guidance. 
Houston-based systems 
management software devel- 
oper BMC Software Inc. also 
fell short expectations for 
its most recent quarter, did 
all four the major pure-play 
enterprise application integra- 
tion vendors: Tibco Software 
Inc., WebMethods Inc., See- 
Beyond Technology Corp. and 
Vitria Technology Inc. 


Some Good News

Even though most this 
quarter’s earnings warnings 
came from software compa- 
nies, analysts said that the 
problems are concentrated 
certain niches and that the 
software sector overall re- 
mains healthy. 

more looking the 
glass half-full. general, 
seeing lot buying,” said 
Joshua Greenbaum, founder 
Enterprise Applications Con- 
sulting Inc. Daly City, Calif. 

the turbulent enterprise 
applications market, top ven- 
dors SAP AG, Oracle, People- 
Soft and Denver-based J.D. Ed- 
wards Co. are all perform- 


SPENDING 


ing well, said Greenbaum, who 
added that sees Siebel’s 
string rough quarters 
company-specific issue. 

“Siebel wants blame the 
economy for the 
trouble, but really 
think fundamental- 
they have some 
serious holes their product 
strategy that are really coming 
home roost,” said. 

While other developers of- 
fer clients full portfolios ap- 
plications handle variety 
corporate operations, Siebel 
has remained focused almost 
exclusively CRM offerings. 
And that focus will continue 
cost the company sales 
customers increasingly seek 


integrated suites, predicted. 


Gartner Inc. analyst Tom 
Topolinski contends that 
Siebel’s future isn’t quite that 
bleak. All the CRM vendors 
are adjusting market that 
will never again grow the 
rate did the late 1990s, 
and none them have yet 
perfected their formulas for 
generating sales the new 
environment, said Topolinski, 
research director Stamford, 
Conn.-based Gartner’s world- 
wide software applications 
group. 

The rate which sales are 
declining has slowed, but 
CRM vendors hit bot- 
tom and begin turn the cor- 
ner toward growth until the 
third fourth quarter this 
year, predicted. Gartner es- 
timates that new worldwide 
CRM license sales declined 
25% 2002, $2.8 billion, 
and will fall another 16% 


House Cuts 


Lawmakers cite 
lack oversight 


DAN VERTON 
The U.S. House Representa- 
tives last week passed de- 
fense spending bill that, ap- 
proved the Senate, would 
significantly reduce invest- 
ment technology that’s key 
the U.S. Department 
Defense’s so-called transfor- 
mation effort. 

The House voted 399-19 
cut $320 million spend- 
ing across the operations and 
maintenance accounts all 
four military services. The 
Navy and Air Force each lost 
$100 million planned spend- 
ing, while Army and depart- 
mentwide programs were 
each reduced $60 million. 
The Pentagon had requested 
$28 billion departmentwide 
spending programs. 

Officials from the Army, 




NOTES: *Preliminary estimate from company management 
**Consensus estimate of analysts polled by Thomson Financial/First Call 


+Quarter ended May 31 


2003 before finally picking 

With even the healthiest 
companies sensitive the 
tough climate for software 
sales, the vendors’ bane can 
the customers’ boon. 

J.E. Henry, CIO at Knoxville, 
Tenn.-based movie theater 
operator Regal Entertainment 
Group, recently went shop- 
ping for CRM system for 
Regal’s Denver-based Regal 
CineMedia advertising sub- 
sidiary. After evaluating 


several vendors, Henry settled 
PeopleSoft’s technology 
the best match for Regal Cine- 
Media’s needs. But all the 
vendors talked with offered 
more flexibility than was com- 
mon two years ago, said. 
“The software vendors are 
very open negotiating, far 
pricing and contract terms,” 
said. “That tells you some- 
thing about the 


Cowley reporter for the IDG 
News Service. 


Pentagon’s Budget 


Navy and Air Force declined 
comment last week what 
one official from the Army 
CIO’s office called pending 
legislation. The House and 
Senate must still hash out 
compromise the measure 
joint session. 

the bill published July the 
House Appropriations Com- 
mittee said was concerned 
about the continued growth 
programs, especially opera- 
tions and maintenance ac- 
counts. In addition, lawmakers 
said they have reservations 
“lack oversight and 


[IT spending 
is] the last 
thing that should 
cut, not the first. 


JAMES ADAMS, CEO, THE ASHLAND 
INSTITUTE FOR STRATEGIC STUDIES 


management attention” given 
many Pentagon pro- 
grams. 

“Over the last two fiscal 
years, the information tech- 
nology budget has increased 
over 15% the operation and 
maintenance accounts,” the 
report said. “While the Com- 
mittee fully supports the 
transformational efforts the 
department, the Committee 
continues believe that the 
Department Defense must 
more effective eliminat- 
ing unneeded legacy systems 
and consolidating the large 
number disparate networks 
that are currently being 
maintained.” 

senior staff member 
Capitol Hill who spoke 
condition anonymity said 
the basic reason for the reduc- 
tions the Pentagon’s “lack 
comes investments. 

not seeing whole 


lot effective program man- 
agement either,” said the 
staffer. “Until they get that 
right, how can they expect 
keep funding these pro- 
grams the levels they are 
requesting?” 


‘Warning Shot’ 

James Adams, founder and 
CEO The Ashland Institute 
for Strategic Studies Ash- 
land, Ore., and former ad- 
viser for the National Security 
Agency, said the cuts aren’t 
deep signal major tech- 
nology crisis for the Defense 
Department. 

“Usually, these sums 
money are warning shots,” 
said Adams. “Still, doesn’t 
seem very rational me. The 
requirement make the ser- 
vices [fight more effectively 
team] more investment 
infrastructure, not less. You 
can’t effectively [integrate mil- 
itary services] unless you have 
solid infrastructure. It’s 
the last thing that should 
cut, not the first.” 
Agrees Buy
Security Software 


Hewlett-Packard Co. said has 
agreed buy Web-based user 
identity management software 
from Baltimore Technologies PLC 
Hemel Hempstead, England. 
will pay about $13.6 million 
cash for the SelectAccess tech- 
nology, according Baltimore, 
which looking sell off all its 
operations. The deal between the 
two companies expected 
completed next month. 


Chairman 
Steps Down... 


Symbol Technologies Inc. said 
Jerome Swartz has resigned 
chairman and chief scientist 
the Holtsville, N.Y.-based com- 
pany, which being investigated 
for accounting violations the 
U.S. Securities and Exchange 
Commission and the U.S. attor- 
ney’s office New York. CEO 
Richard will serve 
chairman until the maker 
wireless devices and bar code 
scanners holds its annual share- 
holders’ meeting October. 


While Two Top 
Execs Exit Proxim 


Proxim Corp., Sunnyvale, 
Calif.-based maker wireless 
LAN equipment, announced that 
Chairman Jonathan Zakin and 
Vice Chairman David King will 
both resign from its board and 
give their positions corpo- 
rate officers. Proxim also said 
that expects report loss 
about $50 million revenue 
approximately $35 million for 
the second quarter. 


Short Takes 


Thomas Lesica was named 
group vice president global 
and business operations 
AVAYA INC. Basking Ridge, 
N.J... . INTEL CORP. said it has 
acquired WEST BAY SEMICON- 
DUCTOR INC., Vancouver, 
British Columbia-based maker 
optical networking chips. 


NEWS 


Event Focus Security, 
On-Demand Technologies 


Software vendor expected announce 
release security portal conference 


MARC SONGINI 
tries cope with the 
continuing lull spending, 
Computer Associates Interna- 
tional Inc. expect- 
make big push- 
security and 


its plans for the portal tech- 
nology last September 
Link 32832]. 
officials declined 
comment about other 


on-demand comput- 
ing technology its annual 
user conference this week. 
Among the announcements 
expected World 2003 
Las Vegas the release the 
company’s eTrust Security 
Command Center software, 
portal-based product that will 
let staffers centrally man- 
age security applications from 
different vendors across va- 
riety systems. detailed 


Continued from page 
Sarbanes 


AMR Research Inc. Boston. 
From perspective, Sec- 
tion 409 “will cause the most 
heartburn” all the Sarbanes- 
Oxley mandates, said. 

Jim Honerkamp, CIO Clo- 
pay Corp., said officials the 
Mason, Ohio-based building 
products maker “do anticipate 
considerable amount 
work” being necessary 
because Sarbanes-Oxley re- 
quirements like the ones 
spelled out Section 409. 

Honerkamp has 


cussed this week. But 
based the agenda for 
World, the vendor will also 
promote its efforts around Lin- 
adoption and further detail 
its strategies for supporting on- 
demand computing and Web 
services technology. 

For example, likely will 
announce new automated pro- 
visioning capabilities designed 
let managers more fully 
exploit the network and server 


assets they have their data 
centers, sources said. 

The company made its initial 
foray into on-demand comput- 
ing late April, when un- 
veiled set six new up- 
graded software products that 
can used dynamically al- 
locate computing resources 
specific applications busi- 
ness demands change. 

Rich Ptak, analyst Ptak 
Associates Inc. Amherst, 
N.H., said on-demand technol- 
ogy should help corporate 
users get improved payback 
from their existing infra- 
structures. offering fo- 
cused companies’ need 
rapidly install new applica- 
tions, added. 

Electronic Theatre Controls 
Inc., Middleton, Wis.-based 
maker theatrical lighting 


done Section 409,” said 
Robert Handler, an analyst at 
Meta Group Inc. in Stamford, 
Conn. “Most the work that 
being done has been 
Section 404.” 

That’s the case Globix 
Corp. Jameson Holcombe, se- 
nior vice president opera- 
tions Globix, said the New 
York-based provider man- 
aged hosting services cur- 
rently focusing docu- 
menting its financial and ac- 
counting processes meet 
the Section 404 requirements. 
Once that process complet- 
ed, which Holcombe expects 

happen mid- 


already begun 
working with busi- 
ness executives 
and Clopay’s audi- 


for complying 
with facets the 
new law, including Section 
409. But acknowledged that 
the company’s department 
“just starting” focus the 
software development, data se- 
curity and consulting invest- 
ments that will needed. 
“Very little work being 


MORE ONLINE 


Standardized IT governance 
frameworks could help 

: companies to comply with 
tors define inter- 

nal control QuickLink 39817 
www.computerworld.com 


September, Globix 
officials plan be- 
gin addressing the 
company’s automa- 
tion needs, includ- 
ing ones tied 
Section 409. 
Sarbanes-Oxley 
compliance efforts are compli- 
cated the fact that much 
the law’s language “is am- 
biguous,” Holcombe said. “For 
example, what ‘material’?” 
added that hopes the 
SEC will publish specific 
guidelines for complying with 


Section 409 and other parts 
Sarbanes-Oxley September. 

event that may fall under the 
requirements Section 409 
the loss major sales con- 
tract to a competitor, Handler 
said. Potential sales are often 
taken into account when com- 
panies make public revenue 
forecasts, noted. 

Cost overruns proj- 
ects and other major capital 
expenditures could also quali- 
material events that need 
parties within hours. 


Batch Problems 


The shift near-real-time 
computing environment could 
particularly onerous for 
departments big companies 
that rely heavily batch 
processing, such banks and 
telecommunications carriers. 

Ulysses Knotts, CEO 
CommerceQuest Inc., Tam- 
pa, Fla.-based vendor proc- 
ess-modeling software for Sar- 
banes-Oxley compliance, pre- 
dicted that most big users will 
build batch and real- 
time reporting systems. “Show 
company worth more 




equipment, uses CA’s Unicen- 
ter systems management soft- 
ware. Mike Eckert, enter- 
prise automation specialist 
the company, said his 
World plans include looking 
eTrust Intrusion Detec- 
tion software tool that 
could “help filter what Web 
sites users can see.” 

addition, Eckert said he’s 
interested examining prod- 
ucts that can help beef 
Electronic Theatre Controls’ 
virus-protection capabilities 
and investigating how Unicen- 
ter integrates with the overall 
eTrust product line. 

Mike Stevenson, enterprise 
administrator the Peel Re- 
gional Police data center 
Brampton, Ontario, also plans 
attend World. But 
Stevenson said that he’s less 
interested learning about 
specific product capabilities 
than hearing about 
overall strategic direc- 
tion. The police agency also 
Unicenter user. 


Very little 
work 


being done 
Section 409. 


ROBERT HANDLER, ANALYST, 
META GROUP INC. 


than $10 billion that’s going 
eliminate batch,” said. 
“They just can’t it.” 

Data marts that extract in- 
formation from transaction 
systems might provide some 
relief reporting material 
events, Knotts said. But most 
existing data marts have been 
built meet planning mar- 
keting requirements that have 
turnaround times longer than 
hours, added. 

Handler said he’s worried 
that many companies will pro- 
crastinate about taking steps 
meet the Section 409 re- 
quirements. drew analo- 
between Sarbanes-Oxley 
and how businesses reacted 
the Y2k problem. “We knew 
about it, then hemmed and 
hawed, and then reacted 
again with two years and 
scrambled,” Handler 


Hotel Goes Wireless 
With Voice/Data Net 


Uses new SIP standard offer voice 
and text messaging via wireless phones 


MATT HAMBLEN 
OTEL Common- 
wealth Boston 
opened last month 
with network 

infrastructure that supports 

voice and text messaging in- 
hotel wireless phones and oth- 
interactive applications for 
guests, all relying the Ses- 
sion Initiation Protocol (SIP). 
A few other U.S. hotels, including the Sheraton Sonoma

County Petaluma, 

have deployed combined 

voice and data networks. 

But Hotel Commonwealth’s

use the emerging SIP inter- 

operability standard appears 
industry, said Brian Riggs, 
analyst Sterling, Va.-based 


Current Analysis Inc. 
Paris-based Alcatel last 
week announced that pro- 
vided the switches that sup- 
port SIP the heart the ho- 
tel’s network, plus its Alcatel 
Personal Wireless Telephony 
phones. Hotel Commonwealth 
guest rooms also have wire- 
line phones that can receive 
text and graphical messages 
3-by-3-in. screens. Those 
phones are made Woburn, 
Mass.-based Pingtel Corp. 
Timothy Kirwan, managing 
director the independently 
operated hotel, said the 
voice and data technology was 
chosen over traditional pri- 
vate branch exchange (PBX). 
IP-based system that 
supports SIP offers more flexi- 


bility for adding features 
obsolete three five 
years,” Kirwan said. Cisco Sys- 
tems Inc. was the other finalist 
for the switch deal, added. 

“We were very concerned 
about the intuitiveness the 
technology,” Kirwan said, 
since most hotel guests stay 
less than hours and 
tolerate having master com- 
plex products. But the de- 
vices appear catching on, 
said, noting that saw 
guests carrying Alcatel’s wire- 
less phones the first day 
the hotel was open. 

Riggs said the Hotel Com- 
monwealth’s network the 
largest convergence project 
undertaken U.S.-based 
hotel that he’s aware of. 

Alcatel’s commitment SIP 
was important decision 
that adds layer standard- 


ization the hotel’s choice 
with technology, said 
Stewart Randall, principal 
consultant Communications 
Design Associates Inc. Nor- 
wood, Mass. Randall acted 
the lead consultant the 
project, starting 1998. 

SIP has yet formally 
ratified the Internet Engi- 
neering Task Force. But the 
use the technology frees 
Hotel Commonwealth re- 
place its Alcatel and Pingtel 
phones, necessary, with oth- 
devices that support the 




standard, Randall said. ad- 
dition, other network devices 
and applications, such 
point-of-sale call account- 
ing systems, should interoper- 
ate with Alcatel’s OmniPCX 
Enterprise IP-PBX switches. 
Randall said the hotel’s 
infrastructure cost more than 
million set up. But de- 
spite its investments the 
network, high-speed Internet 
access and other high-tech 
amenities, the hotel isn’t tack- 
ing daily user fees onto its 
room rates, Kirwan said. DB 


Continued from page 

Wi-Fi 
Wi-Fi links whether they 
should simply provide the In- 
ternet and e-mail access capa- 
bilities for free the hope 
that increased sales food, 
drinks and other products will 
more than offset the cost 
the technology. 

That issue currently being 
weighed McDonald’s Corp., 
which last week launched 
Wi-Fi pilot project 
restaurants the San Francis- 
Bay area through deal 
with Austin-based Internet ac- 
cess provider Wayport Inc. 

Mark Jamison, vice presi- 
dent business strategy and 
development McDonald’s, 
said the Oak Brook, 
company will use the San 
Francisco trial and similar 
ones Chicago and New York 
evaluate potential pricing 
models for the service and 
Wi-Fi technology’s ability 
attract customers. 

Altogether, McDonald’s 


hours Wi-Fi access the 


plans equip several hundred 
restaurants the U.S. with 
Wi-Fi connections year’s 
end. Jamison said the fast-food 
chain charging $4.95 for two 


San Francisco locations, but 
customers who buy meal can 
use the technology for free. 
free service tests best with 
potential users, then that 
“the path follow,” added. 
Valencia Group, Houston- 
based hotel operator, decided 
offer free Wi-Fi access all 
public areas the luxury- 
class Hotel Valencia Santana 
Row, which opened last month 
San Jose. Matthew Nuss, 
Valencia’s executive vice pres- 
ident, said company officials 
view the Wi-Fi capability 
must-have amenity for guests. 
“Wireless, our opinion, 
the next running water,” Nuss 
said. “It’s become part the 
infrastructure hotel.” The 
Valencia Santana Row in- 
stalled seven wireless access 
points and pays about $2,000 
per month for the 
pipe that supports the Wi-Fi 


service. Nuss said the service 
well worth the cost be- 
cause helps the hotel attract 
technology-savvy travelers. 
Schlotzky’s Inc., an Austin-based operator of deli-style restaurants, currently offers free Wi-Fi service its 600-plus restaurants. Monica Landers, a spokeswoman for Schlotzky’s, said the chain started offering Internet access capabilities a year ago service and quickly found that the technology paid off in terms of increased customer traffic.

[Chart: Public WLAN Hot Spots Worldwide. Values shown: 50,287 and 2,274; some figures projected. Source: Dataquest Inc.]

Twelve company-owned 
stores the Austin area that 
offer Wi-Fi service each pull 
extra customers daily 
average, Landers said. She 
added that customers spend 
average each per visit, 
Schlotzky’s easily gets 
payback the $300 month 
restaurant. At a meeting this week, Schlotzky’s officials plan to encourage franchisees to add Wi-Fi service to their restaurants.

VIA Rail Canada Inc., which operates passenger trains throughout Canada, last week kicked off a four-month test in which it will offer Wi-Fi access on some trains between Montreal and Toronto.

Guy Faulkner, product manager for corridor services at Montreal-based VIA, said the railway won’t charge for the service during the trial. But VIA will ask passengers what they would be willing to pay for Wi-Fi access, he said.

Seattle-based Starbucks Corp. launched Wi-Fi service in its U.S. cafes last August and now offers access at about 2,000 locations. Users have to sign up for the service with Bellevue, Wash.-based T-Mobile USA Inc., whose prices start at $19.99 per month.

Lovina McMurchy, director of Wi-Fi business and alliances at Starbucks, said the company plans to stick with that approach. But she added that Wi-Fi hot-spot deployment is “a learning experience” for businesses and said it’s hard to tell how different pricing plans or free services will play out. At this point, a lot of companies are still just “dabbling” in Wi-Fi through pilot projects, McMurchy


ENTERPRISE 


AT&T and WorldCom both added Wi-Fi 
access capabilities to the VPN services 
they offer corporate users: 


QuickLink 39743 
www.computerworld.com 


OPINION


MARYFRAN JOHNSON


Dog Days Unix?


THE FORTUNES and misfortunes of Unix have always fascinated me, and honestly, I consider this something of a personal problem. Like voting for Democrats or trying to house-train a dachshund (both clearly wasted efforts).


trace Unix afflic- 
tion back more than 
Computerworld reporter, 
when was covering the 
piteous struggles the 
so-called Unix desktop 
wars. side lost quite 
spectacularly the Mi- 
crosoft was 
clear defeat for open 
systems and decisive 
win for Windows, the 
most proprietary operat- 
ing system earth. 

Fast forward to today, and Unix is once again under siege, routinely derided as “proprietary” by, of all people, the Wintel crowd. But the most surprising attack is coming from a boisterous little Unix cousin with the same digital DNA twisting around its code and a cuddly penguin for a mascot. Linux, running on Intel boxes, is swarming the enterprise at the low end, bumping off the big-dog Unix variants (Sun Solaris, HP-UX and IBM’s AIX) almost as often as it routs Windows NT.

Linux is impressing with its compelling cost savings and solid performance, supported by a rising chorus of rabid fans among developers and all the major systems and software vendors.

So, is Unix really doomed this time? Is it too late to adopt an adorable mascot, a dachshund, perhaps? We answered that question (not the mascot part, but the doomsday scenario) on our front page last week [QuickLink a3360]. And we confirmed that Unix is far from being the guest of honor at any farewell parties.

Unix remains essential to the most powerful applications in corporate enterprises, says our survey of 291 managers and users. When asked how reliant their companies are on Unix, 77% of our respondents said “extremely” or “very” reliant. More than half (56%) said Unix would indefinitely own the high end, while another 24% saw its importance declining but not disappearing.

In another two dozen interviews, corporate users told us that while they love the economics of Linux on Intel at the low end, they’re acutely aware that it’s still years away from the power, scalability, stability and support their data centers require. The moving-target nature of Linux distributions, that rapid evolution of the code base that open-source devotees brag about, is hardly a selling point for high-end business applications today.

And real money is still being spent on Unix. Last year, businesses and governments worldwide spent nearly $21 billion on Unix servers and $13.9 billion on Windows, but only $2.8 billion on Linux, reports IDC. Over the next five years, however, IDC analysts expect Unix along, growing less than 3%, whereas Linux will be racing its engines, growing more than 200% to an eventual $8.8 billion market.

Listening to the Linux vendors, I have to admire their marketing spin as they denigrate Unix for its multiple versions (which they have in abundance) and make giddy predictions about “Linux everywhere” (a phrase borrowed from Bill Gates’ playbook?).

In reality, the foreseeable future is a three-way race between Unix, Linux and Windows, with Linux more likely to outrun Windows at the high end than Unix. But regardless of how this race plays out, it has only benefits for managers. Robust competition ultimately drives prices down and choices up. Oh, and if anybody wants to try outmarketing that beguiling penguin, I’ve got a very winsome dachshund I’d like to get out of the house more often.
PIMM FOX


Microsoft, Lead the Spam War!


PIMM FOX is a writer in Santa Barbara, Calif. Contact him at pimmfox@pacbell.net.


INDEPENDENT, trusted authorities with best practices, authorize them to mediate disputes, add a negligible dose of government interference, and what do you have? The technology industry’s get-tough policy on a pernicious problem: spam.

Back in May, the Senate Committee on Commerce, Science and Transportation held hearings on spam. In written testimony, Microsoft Chairman Bill Gates didn’t say much about improving government regulations, tightening existing laws or beefing up enforcement talent at the Federal Trade Commission. Nor did he explicitly support Virginia legislation (signed in April) that has made it a felony to send unsolicited bulk e-mail containing falsified routing information. Virginia’s law goes further than the anti-spam statutes in other states by permitting felony prosecutions and seizure of assets.

Instead, Gates, who says he hates spam, offered a dose of research and marketing. Sure, the announcement of a 20-person Microsoft team to work on spam is good news, but it falls far short of what’s needed. (Note that the company’s security team didn’t get very far in a year.)

The only way to grab hold of this marketing gone berserk is to also hold Internet service providers financially liable and make the penalties for spammers onerous enough to thwart their business plans. Think millions!

Telephone companies (prodded by the 1991 Telephone Consumer Protection Act) have blocking technology to combat telemarketers. Surely, Microsoft and IBM aren’t technology laggards. Gates should lead the technology charge to remove from Outlook and Exchange advertisements for bigger penises, get-rich-quick schemes and



cheap credit cards. Many e-mail programs can filter junk. Shouldn’t ISPs also have the technology to block spam from ever reaching their outgoing servers?

What’s behind the foot-dragging by Gates and Microsoft? Well, any punitive action or technology requirement targeting ISPs would certainly affect Microsoft’s Hotmail, MSN and bCentral online services. Also, Microsoft doesn’t like being told what to do, especially by the government.

The company’s responses to spam have included stumping for best practices, mediating customer disputes and waiting until independent trusted authorities can certify legitimate e-mail solicitations. But where’s the clout? Without the threat of financial pain, what’s to prevent spammers from moving to another domain, enlisting better technology or ignoring these non-governmental lobbies altogether?

There’s lots of money behind the notion of certifying good online marketers and weeding out the baddies. By being able to slice and dice the online audience, Microsoft will be able to fence-sit on this issue: It can create anti-spam teams (and publicity) while simultaneously reaping the rewards from “good” online marketers.

But there’s one major problem with attempting to label good online marketers with a seal of approval: Who, I wonder, would wield that rubber stamp?


DAVID MOSCHELLA 


Consolidation 
Claims Lead 


IN A COLUMN last month [QuickLink 38788], I argued that a simple trip to the dictionary should be enough to remind us that IT isn’t a mature industry, no matter how fashionable it has become to claim otherwise. Similarly, much of the rationale for Oracle’s ongoing efforts to acquire PeopleSoft has been based on an equally dubious claim: that the industry is consolidating.

I have been researching, analyzing and forecasting the marketplace for most of the past years, and for the great majority of this time, people have been either predicting the imminent consolidation of the supplier base or claiming that it’s already under way. Yet somehow during this time, the number of significant companies in the industry has continued to grow rapidly, from perhaps a hundred in the late 1970s to literally thousands today.

The consolidationists have got both their numbers and their analogies wrong. Most readers have probably heard, for example, that there were once more than a hundred automakers, whereas today there are roughly a dozen. But too often, no one mentions that while the number of car manufacturers has fallen, the number of companies that are part of the global automobile industry has soared into the hundreds of thousands. The same pattern is proving true for the IT business.

Our exaggerated sense of industry consolidation stems from relatively narrow and short-term thinking. Clearly, many markets have followed a pattern that eventually results in fewer, more dominant suppliers. A handful of start-ups might launch a new sector, but as the market expands, it creates both the revenue opportunities and specialized customer needs that attract new entrants. However, just as trees don’t grow to the moon, this expansion inevitably slows, and the number of participating companies shrinks. We have seen this pattern with mainframes, minicomputers, PCs, storage devices and many software and networking products.

But this consolidation within existing segments has always been more than offset by the creation of new markets and the ever-expanding services that support them. Whether one is looking at hardware, software or networking, the result has been an increasingly fragmented industry. As silly as it seems today, many informed people were once deeply worried about how IBM, AT&T and “Japan Inc.” would eventually dominate an overly consolidated business.

All of this is being repeated with Oracle/PeopleSoft. Larry Ellison is certainly right that some consolidation in today’s bloated enterprise software business is likely, and even desirable, and that large mergers and acquisitions will inevitably be part of this process. Just look at the consolidation within the database market over the past years. But as in the past, the assertion that the overall software business will also consolidate into a few big players will be proved wrong. Future innovation and specialization will assure that this won’t happen.

Misleading claims of maturity and consolidation matter much more than might initially be apparent. To the extent that customers adopt these inaccurate views, they will develop an unnecessary bias toward not just Oracle, but all of the software industry’s largest players. Thus, Ellison and others have a strong incentive to promote what is ultimately a self-serving idea. But it’s mostly just a semi-sophisticated form of fear, uncertainty and doubt and should be viewed and treated as such.


WANT OUR OPINION? 


More columnists and links to archives of previous 
columns are on our Web site: 
www.computerworld.com/columns 


Security Risk Phantom Menace


IT’S SAD to see IT and security managers struggling to measure and manage security risk [“IT Managers See Need for Risk Metrics,” QuickLink 38973]. I have conducted research for years, interviewing more than 200 computer criminals, and concluded long ago that as long as security remains imperfect, security risks (expected frequencies of adversities, not to be confused with business risks) measurable most cases because created and under the control our unknown enemies.

As noted in the article, there are insufficient loss statistics ble specific organizations which base valid risk assessments. Therefore, security risk measured, controlled managed. Carl Cammarata rightly said in the article, “You can’t manage what you measure.”

The old, negative risk-reduction objective should be replaced with a positive one of achieving due diligence and good practices. It’s more important to meet increasing regulatory and legal requirements and comply with standards.

We should use the good safeguard products and services provided by the security industry and benchmark relative to our common body of knowledge and the practices of secured, similar organizations.

By using these practical due diligence methods, we avoid negligence and more likely serendipitously reduce both the known and unknown risks created by our unknown enemies.

Donn Parker, CISSP
Los Altos, Calif.


ROBERT “Surviving Software Upgrades” [QuickLink 38227] was an excellent common-sense article. Articles such as these will help the specialist work more effectively with business owners and upper-level management.

Kris Molitor
Consultant, Rockford,


Finding Time for IDS


CONTRARY to Gartner’s position, I find intrusion-detection Criticisms Kindle Debate,” QuickLink assuming you have someone who understands IDS and the network and who can analyze the captures. At my company, we have hundreds of examples of hack attempts and network problems that were resolved thanks to our IDS. This makes it worth it for us. Firewall traffic analysis sufficient; Gartner’s own statistics show that most hack attempts are by internal users. Organizations that dedicate time operate IDS buy one.

Corey CISSP
Santa Ana, Calif.,
corey_adam@hotmail.com


Engineering the Corporation


PROBLEM with reengineering can be found in the word itself [“Reengineering Revisited,” QuickLink The “re” implies that companies have been engineered in the first place. I love business, and I think business-process engineering is a wonderful idea, but as an engineer, I find the term reengineering insulting. Why just call business engineering? something falls off wag-neered.” simply exists.

Kirk Gould
Phoenix, gouldkj@juno.com
Strengthen Security During Mergers
With merger and acquisition activity on the rise, users like Bobby Gillham (left), manager of global security at ConocoPhillips, offer advice on how to protect your company’s assets and bolster security at the combined business.


Know Thy Users
With the proper identity management system, you can save money, make users happy and improve your security. Here are strategies for making the right choices from users like Ann Garrett (left), chief information security officer for the state of North Carolina.


EDITOR’S NOTE


RISK IS EVERYWHERE. Just stepping out your front door in the morning involves some risk. So does staying inside with the furniture.

As author Bill Bryson points out, government figures show that more than 400,000 people in the U.S. are injured by chairs, sofas and sofa beds in the course of a year. How do they do it? Mind you, we’re talking about injuries that require a trip to the emergency room. That’s about times more than the number of people injured by skateboards, trampolines or scissors!

Of course, it’s no surprise to you that risk comes in many forms. In the field of security, the threats include disgruntled employees, fired employees, clueless employees who succumb to social engineering, passwords left on Post-it notes, wide-open instant messaging and increasingly powerful hacker tools in the hands of teenagers.

This special report has dozens of tips to help you manage those risks. But before you implement any of them or buy another security product, do one thing: Stop to identify the three biggest security risks your company faces, whatever would bring your company to its knees. They will vary, depending on your industry and business model. Is it theft of credit card numbers? Embezzlement? Privacy violations?

Be sure to address those high-risk areas first, before looking at more exotic problems. Take care of the basics: passwords, patches, employee training, antivirus software and access controls. If you can’t keep up, consider outsourcing.

And don’t stub your toe on the furniture.


Mitch Betts is Features editor at Computerworld. He can be contacted at mitch_betts@computerworld.com.


SPECIAL 


More features and resources on this topic: 


QuickLink k1600 
www.computerworld.com 


Sage advice for protecting 


REPORT dangerous world. 


MARIA RENDON


FRED COHEN ALREADY knew

about worms, Trojan horses and hackers in November 1983. But as a graduate student participating in a weekly seminar on computer security, Cohen was interested in a new class of security threats: a program that reproduced itself by attaching to other programs. It took eight hours for Cohen to create his virus and nearly a week to get permission to test it on a large Unix computer at the University of Southern California.

And the virus worked frighteningly well. During each of five tests, the virus infected files and gained full system rights on the machine in less than an hour — in one test, it took less than five minutes. After that, USC systems administrators banned all further security experiments on their computers.

Other computer security threats had been around for two decades, since the early days of time-sharing. Defenses against them were mostly ad hoc and used on systems only after they had been attacked. But viruses, which spread largely through desktop PCs, would prove to be the threat that turned computer security into an industry.

By 1986, viruses were attacking IBM PCs and Apple computers. In 1988, the first Macintosh virus appeared, and so did the first commercial antivirus software.

But by 1989, the problem was large enough that IBM sent antivirus software it had developed for internal use to large customers, along with a letter explaining what it was for.

Suddenly, large companies were thinking about computer security, and antivirus software became big business.


An all-too-successful computer experiment eventually spawns the antivirus software industry. By Frank Hayes


1988: After Robert Morris’ worm program cripples the Internet for days, the Defense Department sets up the CERT Coordination Center at Carnegie Mellon.


1983: Security researcher Fred Cohen

But viruses weren’t the only threat. In November 1988, a worm program released on the Internet infected 6,000 servers, 10% of Internet host machines at the time, and crippled the network for days.

In the wake of the worm, the U.S. Department of Defense set up the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University in Pittsburgh to improve communication about future incidents. In 1989, the Department of Energy set up its own Computer Incident Advisory Capability at Lawrence Livermore National Laboratory.

In 1990, security researcher Eugene Spafford at Purdue University coined the term firewall for a system that would protect individual networks from threats such as worms. One of Spafford’s students, Daniel Farmer, developed the Computer Oracle and Password System (COPS), the first publicly available security scanner.

And in 1991, the first commercial security firewall was set up for Pont Co. by Digital Equipment Corp. Digital adapted its own corporate firewall to create the product.

But by the mid-1990s, protection from outside threats was no longer enough. E-commerce required protection while information was traveling across the Internet. Netscape Communications Corp. developed the Secure Sockets Layer (SSL) standard in 1994 to add automatic encryption and authentication to TCP/IP.


1988: Dr. Alan Solomon creates the first widely used antivirus software.


1994: The SSL standard developed by Netscape adds encryption and authentication to TCP/IP.

The same year, two developers at Enterprise Integration Technologies, Eric Rescorla and Allan Schiffman, created the Secure Hypertext Transfer Protocol, which allowed individual HTTP messages to be encrypted, signed or authenticated.

In 1998, attacks on Web sites and other government systems spurred the Department of Justice and the FBI to create the National Infrastructure Protection Center (NIPC), a joint effort of the government and private sector to prevent both physical and cyber attacks on computer networks.

Security concerns soared as the year 2000 approached, and “chief security officer” became an executive title at as many as half of large companies (though CSOs had been around as early as 1996). Microsoft Corp. appointed its own CSO in 2002, and after an embarrassing string of security holes in its products, stopped all new programming for a month to retrain its programmers and examine old code for security problems.

In the nearly two years since the terrorist attacks of Sept. 11, 2001, security has been a top priority at a time when budgets are tighter than ever. And corporate security people will need to use existing resources, tap existing knowledge and, most of all, avoid reinventing the wheel if they want to squeeze the most out of every dollar.

And now, with the 


1998: The government establishes the NIPC to counter physical and cyberattacks against the Internet.


1990: Eugene Spafford coins the term firewall.


1990: Daniel Farmer develops COPS, the first publicly available security scanner.


1991: Pont installs the first commercial security firewall.


Chief security officers are appointed at nearly half of companies with more than billion in revenue.


2002: Microsoft stops all coding for a month to retrain programmers and examine old code for security problems.


demonstrates the first documented experimental virus at the University of Southern California.


YOU’VE GOT thousands of employees tapping into a dozen
internal enterprise applications apiece, a growing base of external business partners and a slew of customers visiting your new portal. You need to give this fluid population the right channel for reaching their authorized resources. You need an identity management system.

An identification management system will help stem a flood of user-access complaints and serve as an essential bulwark of your security system. If you don’t have one, build one. But build it right the first time by addressing your most pressing needs now, with an eye toward adding features in the future. There are proven ways to do this, so don’t be the poor soul who doesn’t get it right the first time.

“I was talking to a client the other day who was developing a very customized proprietary [identity management] solution that didn’t leverage standards,” says Roberta Witty, an analyst at Gartner Inc. “The application was very questionable from an infrastructure perspective. You have to ask, liable that case?”

Most identity management projects can be broken down into these areas: Planning, adopting standards, determining when to centralize password administration and when to delegate it, and leveraging early successes to cost-justify future initiatives. Here are some tips for implementing an identity management project.


Plan a quick-hit list. Start by determining what portions of identity management will make the most positive impact on your business today. For example, when the state of North Carolina began looking at its identity management needs in January 2000, the state’s Office of Information Technical Services (ITS) determined that the most important thing to address first were password resets, which chewed up 40% of help desk costs, according to Ann Garrett, chief information security officer for the state.

“We have 75,000 users using different systems who were forgetting their passwords, and couldn’t afford business any longer,” says Garrett.

ITS wanted a tool that would give users the ability to reset their own passwords with a challenge-response system; it chose Oblix Inc.’s NetPoint.

“The system has a Resume feature, so when a user forgets their password, all they have to do is answer a secret question, which takes the overhead off the administrator,” explains Brent


SIMON GRIFFITHS


With the right identity management system, you can save money, make users happy and improve your security. Woe to those who ignore it. By Deborah Radcliff


Roberts, the state’s identity administrator. Now, he adds, password reset requests have dropped to nearly zero.
Plan for the long haul. But it wasn’t just the immediate password reset needs that North Carolina looked at, continues Roberts. ITS also took into account the state’s long-term access initiatives, starting with a Web-based portal that state employees can use to access their human resources and other interoffice data, which was recently deployed online.

“We needed an infrastructure that could support the coming onboard of agencies in phases,” Roberts explains. “So we put workflow and policy into the system that allows employees to change some of the noncritical fields, such as office phone number. But other fields, like what data resources an employee has access to, are handled by their managers.”

The next initiative is to open certain data first to state-based businesses and later to citizens. For that, the infrastructure must also support a variety of end-point access controls such as tokens, smart cards and biometrics, which may be coming in 2005, Roberts says.

Think standards. The only way to facilitate North Carolina’s short- and long-term plans was to build an identity infrastructure based on standards, which is another reason the state decided on Cupertino, Calif.-based Oblix, says Roberts.

For starters, Oblix works with the state’s current directory standard, Lightweight Directory Access Protocol. But it also supports current and up-and-coming Web-based standards, including an XML-based authentication and authorization standard called Security Administration Markup Language and an emerging provisioning standard called Service Provisioning Markup Language, both of which come out of the Organization for the Advancement of Structured Information Standards in Billerica, Mass.

With standards-based infrastructures, you can plug in new rules and roles, and you can add cross-vendor identity management applications as they develop, says Gary Loveland, a partner in the security and privacy practice at PricewaterhouseCoopers in New York. In addition, a standards-based infrastructure makes it easier to grant access to outside business partners without making them use the same products you use, adds Witty.

Know when to centralize administration. Just as many organizations prefer to centralize administration of user accounts, says Loveland. This choice is usually made when a company determines that its most important identity management problem is inconsistent user data and rogue internal user accounts, particularly when workflow policy is already centralized around the company’s human resources system.

This element of identity management is called user provisioning. For example, ProBusiness Services Inc., a human resources outsourcing services and technology vendor in Pleasanton, Calif., determined that its most immediate management problem was cleaning up inaccurate user account information for its 1,500 distributed employees whose metadata (telephone numbers, titles, spellings and the like) was often different than that stored in the company’s Siebel Systems Inc. human resources system.


DELEGATED ADMINISTRATOR


Delegating


Know when to delegate. Like the state of North Carolina, about half of PricewaterhouseCoopers’ clients start their identity management projects to address Web-based access needs, says Gary Loveland, a partner at the consulting firm. Doing this successfully calls for delegated administration, which lets end users start the process of registration themselves and delegates management of their user identities to department managers or systems administrators.

Nowhere is delegated administration more critical than at a business like Covisint LLC, a Southfield, Mich.-based online exchange for automakers, their suppliers and industry trade groups. With much competitive stake, Covisint must ensure that the 100,000 users logging on to the exchange to bid on work and access manufacturer specifications and other data cannot skip around to reach their competitors’ data, says Dave Miller, Covisint’s chief information security officer.

But managing all those user was impossible centrally, Miller and the number will soon double when tity management system. So, with the help of the RSA Security ClearTrust identity management suite, Miller has brought the number of user IDs under his domain to a manageable 10,000.

To do this, he established a root administrator at each of Covisint’s member organizations to manage their own in-house users accessing the portal, he says. Importantly, ClearTrust is also able to handle complex hierarchies of delegated administrators, since some of them are also responsible for managing accounts at their subsidiary companies.

Access approvals are finalized through an automated e-mail trail between the requesting administrator, Covisint and the manufacturer. Deprovisioning is handled through e-mail.

Deborah


MORE TIPS ONLINE 


For additional advice on 
implementing an identity 
Management system, visit our 
Web site: 


@ QuickLink 39684 
www.computerworld.com 


Human resources wanted to maintain control of adding new users and provisioning their resources, along with deleting users and deprovisioning their resources upon termination or transfer. In addition, human resources requested a system that could help enforce hiring, staffing and salary guidelines and alert the human resources managers when such policies are violated, says Phil Blank, vice president at ProBusiness.

For this, Blank’s team settled on Austin-based WaveSet Technologies Inc.’s Lighthouse Enterprise Edition because it has built-in connectors to Siebel and because it could provision anything: access to data resources, telephones, office space, even parking spaces. More importantly, it keeps user data consistent from application to application. And it automatically deprovisions access to data resources, ending the dangerous problem of having rogue passwords that trespassers can use to break into systems.

“The payback,” Blank says, “is the human resources folks say they’re seeing tremendous efficiencies in terms of accuracy of user information. And they don’t have to spend as much time doing clerical work.”

Work in phases, and justify each through

Baking in money-saving and efficiency features like the human resources policy enforcement tools that ProBusiness added will go a long way toward helping departments justify subsequent phases of development, says Wendy Steinle, director of marketing for Novell Inc.’s Nsure identity management products.

And identity management is a lot easier to bite off in phases, say managers. Start with steps that can show a return on investment in cost savings, such as North Carolina’s reduced help desk costs, which Garrett believes will pay for the state’s identity management system in two years. She uses these numbers to cost-justify future projects, such as the addition of more robust access controls.

“Identity management done the right way can save a lot of money,” adds Steinle. “That takes planning, evaluating your solution options, building a road map and creating measures of success.”


California. She can be reached at derad@aol.com.


KNOWLEDGE CENTER SECURITY


Does your company currently have a business continuity plan?

More than one-third of the chief financial officers who responded to a recent poll said they don’t have a business continuity plan to recover from disasters.


Don’t know/ 
answer 


Base: 1,400 CFOs at U.S. companies 
with more than 20 employees. 


SOURCE. ROBERT HALF MANAGEMENT 
RESOURCES, MENLO PARK, CALIF., JUNE 2003 


Consumer Insecurity
Consumers who don’t use online banking cite the following reasons:


Concerned about 


security 26% 0 


Not comfortable doing 


banking business online 


Prefer to do all banking 71 % 


business face face 


Concerned about 


privacy 


Base: 1,571 U.S. consumers who don't bank 
online; multiple responses allowed. 


SOURCE. TOWERGROUP, NEEDHAM, MASS 
JUNE 2003 


Asian Epidemic 
Security breaches in the Asia-Pacific region have reached epidemic levels, especially in China.


75% of software developers in the Asia-Pacific region reported a security breach in the past year.


84% of developers in China reported a security breach in the past year.


60% of developers in China reported three or more breaches in the past year.


Base: 600 software developers in the 
Asia-Pacific region. 


SOURCE. EVANS DATA CORP., SANTA CRUZ. 
CALIF., MAY 2003 


MARK HALL 


Feeling Insecure 


THE FIRST TIME MY NAME got me into trouble was in high school. A football player heard that I had taken his girlfriend out on a date, and rumor had it he was “gonna pound” me. When I met the big fella, it took a lot of time and people to convince him that he had the wrong Mark Hall, despite his 5-foot-10-inch girlfriend’s denial she’d ever met my 5-foot-4-inch self.

Recently, our sister publication CIO hired a Mark Hall to lead its department. Congratulations have been coming fast and furious and curious, because no one knew I had such skills. And our parent company, IDG, even sent me a phone destined for him. (Now, if only they’d send me his paycheck, too.)


So, you can see why I’m feeling nervous in this new era of heightened security. Oh, I don’t mind the gun-toting guards at airports and public venues. I’ve traveled abroad enough to be sanguine about seeing uniformed men and women toting Uzis and Glocks. What I fear are those armed and dangerous databases our government and commercial entities are compiling; they could contain false positives on “Mark Hall” and other innocents in the war on terrorism.

It doesn’t comfort me to know that the Defense Advanced Research Projects Agency (DARPA) has changed the name of its Total Information Awareness (TIA) project to Terrorist Information Awareness. After all, TIA’s intent remains the same: to create integrated and efficient access to information in various public and private data silos and process it in order to thwart terrorist plots. As DARPA researchers told Congress in late May, the agency can’t guarantee “the accuracy and utility of any information retrieved by TIA’s search tools, [but] consideration should be given, in implementation, to the quality of the databases queried.” In short, false positives will persist, giving me nightmares that Donald Rumsfeld, a former champion wrestler, will someday come over to my house to pound me.

Then there’s Regulatory DataCorp International LLC (RDC). Last year, Computerworld wrote about the newly formed commercial operation, noting that “Regulatory DataCorp will compile information from public resources, including international, federal and local law enforcement records. It will then sell access to the database to other companies so they can screen potential customers” [QuickLink

Its users are primarily financial institutions that, by statute, must make every effort to weed out lawbreakers of all stripes. According to Chief Operating Officer Peter Nitze, as of last month, RDC already had “a little bit under 1.5 million names” in its database. Could “Mark Hall” be one of them?

Solving the false-positive problem in these massive databases isn’t trivial. Stephen Brobst, chief technology officer at NCR’s Teradata division, which is renowned for its monster databases, points to problems consumers have had with credit reports.

That’s why Congress passed the Fair Credit Reporting Act, which gives us access to our credit histories to help assure that they’re accurate. It’s unlikely that these counterterrorism databases will offer equal protections.

But Brobst points out that the problem gets stickier because of the catastrophic risks of false negatives — that is, likely terrorists and other nasty folks who aren’t added to the database because the criteria for adding suspects are too conservative. As such, he thinks the tendency will be to protect against false negatives, increasing the odds of false positives.

Nitze agrees. That doesn’t mean RDC ignores the problem. It uses human analysts, who receive more than a month of training, to review identical names, searching for data discrepancies to ensure that the good Mark Hall (that would be me) isn’t mistaken for his evil twin.

This conundrum hasn’t gone unnoticed inside the Pentagon. A Defense Department spokesman tells me, “It’s quite possible for the Muslim equivalent of ‘John Smith’ to create false positives.” DARPA has also designed procedures to cull out the false positives. But the tendency is for the creators of these applications to err on the side of inclusiveness. In other words, the more “Mark Halls,” the better.

It will take time and experience before projects like TIA and RDC are able to balance real security needs with the thorny problem of false positives, which waste their time and resources. In the meantime, I’m considering changing my name to Marcusian
Halloflowskovich. Has a nice ring to it, don’t you


Outsourcing security to managed providers requires safeguards to guarantee service. Here are tips from companies that have signed over security to the experts. By Barbara DePompa


WORKING WITH managed security service providers (MSSP) isn’t much different from any other type of outsourcing commitment. All the basic rules still apply, including setting specific requirements, incorporating strict service-level agreements with penalties, and re-evaluating your needs and the provider’s competencies at regular intervals.

But when it comes to managing security functions, there are additional factors that can improve the relationship and the quality of security coverage provided by your MSSP.


TIP Have a clear reason for outsourcing. Figure out whether the service provider will deliver better security or run the company’s information security operations faster and cheaper than you could in-house. Merrill Lynch & Co., for example, signed a global, multiyear contract to have VeriSign Inc. monitor and manage hundreds of network security devices, primarily firewalls and intrusion-detection systems. “We picked VeriSign because of the company’s expert skill in monitoring and its ability to give us better information than we could gather on our own. The goal wasn’t to reduce costs; it was to improve security,” says David Bauer, chief information security and privacy officer at Merrill Lynch.


Ask probing questions. Jeff Nigriny, chief security officer at Exostar LLC in Herndon, Va., an online exchange for the aerospace and defense industry, suggests interviewing everyone at the MSSP about how they will provide coverage for your company. How many times has the provider had to issue a credit for failing to meet the service-level agreement? And how financially stable is it?


Set a time limit for responses. When Exostar contracted with TruSecure Corp., Nigriny included a clause in the service-level agreement stating that TruSecure’s response time to a problem couldn’t exceed minutes and that any configuration changes would have to be made within minutes.


Remember: Monitoring for security breaches 24/7 simply isn’t enough. “The MSSP must filter through the alerts, respond to problems as they arise and tell us what was done in a report later,” says Nigriny, who decided it was time to consider outsourcing when he was forced to sift through 3,000 incidents in a single day.


Use an MSSP that’s nearby. Paul Castellano, general manager of information services, security and disaster recovery at Hagerstown, Md.-based Allegheny Energy Inc., selected RedSiren Inc. more than two years ago, primarily because the MSSP filled key requirements and was headquartered in Pittsburgh, which is within driving distance of Castellano’s office. While not everyone is able to jump into the car to visit a service provider, “you really don’t want to be on a plane every time there’s a briefing or presentation,” he says.


TIP Make sure the MSSP offers fail-over operations that at least match your own. Castellano recommends using an MSSP that offers redundant network operations centers, which are critical for recovering from regional disasters. And even more important, he says, is the need to test those backup operations.


TIP Understand and exploit the reports you get. An MSSP’s reporting tools can be used to benchmark your security coverage and recovery performance against those scores of other companies. Allegheny Energy has used the RedSiren reporting tools to build a baseline and enable Castellano’s staff to perform monthly or quarterly “what if” security testing.


Think beyond the perimeter and “defend in depth.” That’s the advice of Nick Brigman, vice president at RedSiren. Nowadays it takes more than antivirus software and a firewall to secure operations. Consider adding multiple intrusion-detection sensors in different areas around the company to better protect critical assets. Some customers add such devices both outside and inside their firewalls, Brigman says, to detect and track the incidents that breach them.


Figure out how to escalate a problem and how to gain access to the “real” security experts inside the MSSP. Chances are, when you call the MSSP for assistance about a security alert, the person who answers the phone may not be the key person you need, says Adam Joseph, a former CEO of TruSecure and now an independent consultant. He says MSSPs typically don’t keep many highly skilled security technicians on duty around the clock, so identifying the people with real expertise is critical to getting better service.

In general, experts say that the key is to develop a close, trusting relationship with the MSSP so the department can focus on strategic security goals while the MSSP handles the mundane daily operations.


security services you expect to get. Analysts say much hyping of services is going on today, as MSSPs scramble to gain footing in the market. So ask for sanitized incident reports, examine the level of content in them, and analyze the effectiveness of the service provider's response in each case.


DePompa is an independent writer and editor in Germantown, Md. She can be reached at bdepompa@comcast.net.


MORE TIPS ONLINE 


Need more? We've got additional tips on security 
outsourcing on our Web site: 


QuickLink 39686


MAINTAINING robust security

priority list of many companies these days. But those that are in the midst of a merger or acquisition face some unique security challenges and opportunities.

multinational companies plan to increase their merger and acquisition activity over the next two years, with 70% expecting to be involved in such deals in that period, according to a recent PricewaterhouseCoopers Barometer Survey of 170 executives.

That will mean lots more work for chief security officers before the deal is signed and afterward, when security technologies and policies have to be integrated. The following are some practical tips for ensuring that data, networks and systems remain as secure as possible during the often turbulent times that accompany a merger or acquisition.


Perform due diligence on security well before the merger begins. The chief security officer or other senior security manager should be involved in the process of evaluating potential merg-
finance, human resources and other executives are. Analyze the security policies and technologies of the other company, and determine how vulnerable it is.

Also, determine whether the company educates employees about security in general and about things such as preventing the spread of viruses. Conduct a penetration test on the target company’s network, and interview managers and staffers to gauge the prevailing attitude about security and protecting data and intellectual assets.

“Spend a lot of time learning about the company and its culture, where it does business, whether security [management] is centralized or decentralized, and how the company values security,” says Bobby Gillham, manager of global security at ConocoPhillips in Houston, who headed security for Conoco during its 2002 merger with Phillips Petroleum. “Work closely with the other company’s security manager to understand their security organization and its role in the organization.”


PAM FRANCIS


With merger and acquisition activity on the rise, how to protect your company’s assets and exploit the opportunity to bolster the security of the combined business. By Bob Violino

Assess the security practices and vulnerabilities of suppliers and other business partners that work closely with the merger or acquisition target, says Laura Koetzle, an analyst at Forrester Research Inc. Do the trading partners have adequate security in place for commerce, online procurement and Web collaboration?

Remember that a merger can always fall through because of regulatory restrictions, stockholder disapproval or other reasons. “Companies have to be careful about releasing [security] information to the other organization, because if the merger is halted, there’s no way you can get them to ‘unknow’ those things you told them,” says Koetzle. This is particularly critical if the merger partner is a competitor. “You can disclose the level of security you provide, but don’t hand over all the keys to the kingdom in the early stages of a merger.”

TIP Anticipate “social engineering” and other security threats from disgruntled employees at both of the companies involved. While experts say bad behavior is usually the exception, with most people more concerned about finding a new job than harming the company if they believe they’re going to be laid off, it makes sense to be ready for anything. As soon as an employee has been notified about a layoff, cut off access to all critical services and applications. The staff should be trained and prepared to shut off employees’ network access quickly if necessary.

“You need to pay particular attention to protecting against people walking out with proprietary information,” Gillham says. “Sometimes people take things not to steal, but to show prospective employers the work they’ve done. You have to limit access to proprietary systems for those people you know are being downsized.”

During the integration/transition phase, get the two companies’ security groups working together as soon as possible. Begin to identify which security technologies should be retained and which should be dropped, based on the security needs of the new organization. “There may be an opportunity to create [a new] security organization that has the best of both companies,” says Gillham. “Compare the security expertise of both companies and look for opportunities for synergy in the integration process.”

TIP Be sure to address how to handle secure communications, particularly if the companies are using different types of e-mail or virtual private networks for remote access. “That can be a hurdle; if the systems are not compatible, people may not be able to communicate with each other,” says Nicholas Percoco, associate partner at Ambiron LLC, an information security advisory firm in Chicago. It may be necessary to change security technologies at one company to guarantee secure communications.


If the target company is a security disaster and it’s too late to get out of the deal, spend whatever it takes to quickly bring the company up to snuff, through new technology or upgrades of old products. Send in experts or hire consultants to evaluate security, especially for the most systems and networks.


Violino is a freelance writer in Massapequa Park, N.Y. You can contact him at bviolino@optonline.net.
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KNOWLEDGE CENTER SECURITY 


how to detect and stop attacks by clueless or disgruntled employees. By Dan Verton

media attention lately, but the threat to corporate security and intellectual property from insiders remains one of the biggest challenges facing departments today.

According to the most recent survey by the American Society for Industrial Security in Alexandria, Va., current and former employees and on-site contractors with authorized access to facilities and networks continue to pose the most significant risk to intellectual property such as research data, customer files and financial information.

What follows is a list of the best tips from a variety of security professionals on how to detect and prevent insider abuse of computer and network resources. Experts say that all security programs should focus on people, process and technology, so we’ve broken the list into those three categories.


People 
Require new hires to go through a security orientation.

Have employees review and sign a policy concerning the acceptable use of company resources. In addition, an orientation program should include a review of the threats; a specific list of do’s and don’ts to protect corporate information, passwords and physical security; and what (and whom
security violation.


office peripherals, such copiers 
and printers. When these products are 

used, the memory 
machine, sometimes for years. There are 
“digital software, which erases 
data the machine after each use, 


TIP Establish a corporate “neighborhood watch” program. Set up a reporting structure that is able to detect irregularities and prevent social engineering.


TIP Check the backgrounds of all employees who
sensitive data.


Make sure the passwords for systems administrators have the strongest level of authentication and are given to the smallest potential audience.

Require systems administrators to take two consecutive weeks of vacation annually, similar to the vacation requirements for senior bank managers, so that fraudulent activities or other improprieties can surface while they’re gone.


TIP Develop a policy-setting “security council” that has an executive sponsor from each major department, such as human resources, finance, and marketing.

Integrate procedures and procedures so that system access is tied to employee (and consultant) hiring and departures.


Process 


Establish a reliable system for assigning access to company data. Make sure the system can disable such access immediately if a major layoff occurs.

Determine, based on job function, seniority and other roles, who needs to have access to which company resources and why.

TIP Require employees to sign a nondisclosure contract on their date of hire so they know what type of information is considered proprietary and what the consequences will be if they share it without authorization.


assets. Know the type and version of every operating system and application you use, as well as the number of computers and networking devices you have and all the firewall types and rules.

Conduct security audits of all systems every hours to ensure that the systems are secured and haven’t regressed or been rendered vulnerable.

Make the ability to support your company’s information access policy one of the criteria for buying new software systems.

TIP Evaluate the security of your business partners and vendors.


Technology 
TIP Identify dormant IDs or orphaned accounts. Install or create a system for actively checking for and deleting out-of-date IDs and accounts as well as inactive users.

Have an automated system for resetting passwords on a regular basis.

TIP Make sure that the accounts belonging to laid-off employees aren’t simply deleted. Instead, incorporate a suspend feature in your provisioning process that prevents outside access but enables the department to search for key data in the account.


Yikes!

A survey of managers and employees with access to sensitive customer information found the following:

66% said their co-workers, not hackers, pose the greatest risk to consumer privacy; only 10% said hackers are the greatest threat.

62% reported incidents at work that put customer data at risk for identity theft.

46% said it would be “easy,” “very easy” or “extremely easy” for workers to remove sensitive data from the corporate database.

32% said they are unaware of internal company policies to protect customer data.

28% said their company does not have a written security policy or they didn’t know if it has one.

Base: Survey of 500 U.S. workers and managers who handle sensitive customer information at work.

SOURCE: HARRIS INTERACTIVE INC., ROCHESTER, N.Y., MAY 2003


Convert physical access-control devices from electronic systems to network-enabled devices so that physical access events can be correlated with network events and file-access attempts. For example, integrate your building-access card reader with your network so that an event like a person entering a building late at night can be correlated with any cybersecurity violations that take place around the same time.

Collect historical data for individual employees regarding network activity and file-access attempts and then employ a formula to calculate a risk factor for each event. Rank the risk factors and sort by employee to identify the riskiest employees or those who need remedial security training.


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FLURRY federal and 
state regulations and international laws is pushing data privacy management to the top of the business agenda. Companies that fail to comply with those laws will increasingly be exposing themselves to legal liability from their customers and from regulators.

Laws such as the Health Insurance Portability and Accountability Act and the USA Patriot Act have already established information privacy rules for companies in the health care and financial services industries. New this month is California’s 1386 identity protection bill, and coming down the pike are other state and federal versions of the law. International rules such as those covering European Union nations and Canada are also forcing U.S. companies to confront privacy issues.

For a lot of companies, complying with such regulations will require a substantial effort from both a technology standpoint and a process standpoint, says Paul Paez, president of Privastaff Inc., a San Jose-based privacy consultancy.


process for protecting your 


company guarding customer privacy. 


Jaikumar Vijay 


Protect
Step

Even so, the laws make it vitally important for companies to develop privacy policies, practices and procedures, says Charlene Brownlee, an attorney at Fulbright Jaworski LLC in Austin. “A company’s liability will be measured against what steps it took to protect data privacy,” Brownlee says. “You are going to need to show what you did compliance with industry standards.”

That means clearly articulating a privacy policy and then taking the following technology and process measures to implement and manage it.

TIP Assess what steps need with privacy regulations relating to your business and with your company’s privacy policies.

Audit how and why personal data is collected, used, shared, accessed, stored and protected.

TIP Look at the manual and automated processes that are involved in this cycle and figure out which gaps need to be filled.

As obvious as these measures may seem, this kind of gap analysis is a crucial first step in any privacy management effort, Brownlee says. Otherwise, there’s simply no telling where or how personal information is embedded within your enterprise and how it needs to be protected.


Control who touches the data and why, says Arshad Noor, CEO of StrongAuth Inc., a Cupertino, Calif.-based identification management firm. Have formal processes for restricting physical and virtual access to confidential customer or employee data.

Secure the manual and automated processes by which data is copied, shared, backed up and stored. For instance, limit the number of people who have physical access to backup tapes or other storage media containing confidential information. Have strong user-authentication and access-control technologies to ensure that only authorized people have access to confidential information, Noor suggests.

TIP Understand what permissions are associated with personal data used by applications, especially ones such as CRM, ERP and supply chain, says Paez. A lot of the customer data may have been collected in a manner not consistent with new regulations or the company’s privacy policy, he says. See whether the permissions need to be updated and new permission fields need to be added to these applications. Investigate and implement processes for tracking and storing user permissions and for seeing that the data is used in a consistent manner across all applications, Paez says.


Encrypt all data when it’s being transmitted and when it’s at rest on storage media. That way, even if it gets hacked, the information is secure. Encryption might also provide some legal cover for companies that get hacked. Businesses that encrypt data are specifically exempt from 1386, for instance. It may also be a good idea to consider storing a user’s name separately from other pieces of identifying information such as Social Security or driver’s license number.

Collect personal information only if absolutely needed, and don’t store it for longer than you need it, Brownlee advises. Examine whether storing personally identifiable information, such as Social Security and driver’s license numbers, is really key to your business.

If not, are there alternatives to collecting and storing such information? The more personal data you collect, the greater your liability exposure, according to Brownlee.

TIP Implement good configuration management, asset management and change management processes, Noor says. Make sure that the hardware, operating systems and networks that process personal data are hardened and locked down. Shut down all unnecessary functions, configuration settings and permission fields, he says. Stick the servers behind firewalls.

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may not sanctioned but with 

million business users, instant messaging 
problem you ignore. Here are 
some tips for locking down. Mary Brandel 
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HEN YOU SAY the 
words instant messaging and security to many executives, you might as well be referring to oil and water. Some CIOs have simply banned the use of this collaboration tool at their companies, citing a gaping hole through which viruses, hackers and corporate spies can enter and out of which company secrets, libelous statements and unaudited communications can flow.

These naysayers have a point: Gartner Inc. in Stamford, Conn., has identified IM as one of the top security issues for 2003. “IM, by its very nature, punches a hole in the firewall, and that opens up the possibility of inviting in a dangerous worm,” says Douglas Schweitzer, a Gartner analyst.

The problem is, IM originated as a free download for consumers and wasn’t designed with corporate security in mind. Instant messages bypass virus scanners, and users can inadvertently download files containing malicious code. And because of IM’s casual nature, users may be less than professional in their communications. Meanwhile, these messages go uncaptured by any corporate database, making them unauditable.

But officially sanctioned or not, IM use is nearly unstoppable and in some instances, it’s a critical business tool. Last year, there were million users in the U.S., and million of those were business users, according to The Yankee Group in Boston. Fortunately, there are ways to plug many security gaps. Here are some tips on how to tame the wild world of IM:


Keep IM within the firewall. Some companies, such as Terra Nova Trading LLC in Chicago, want their employees to have IM, just not over the public network.
Kevin Ott, vice president technolo- 
system called E/pop from WiredRed 
Software Corp. San Diego. 

E/pop and similar systems, such as IBM Lotus Software Group’s Sametime, Jabber Inc.’s Messenger and even America Online Inc.’s Enterprise AIM, route instant messages locally, so they never traverse the public network.

These systems also offer audit and reporting capabilities, as well as features such as virus scanning, directory integration with other e-mail systems, message encryption and user authentication. “It’s a completely closed system, and can audit the transcripts and put them in a database,” Ott says.


brokerage firm Craig-Hallum Capital Group LLC in Minneapolis, rely on IM to communicate with business partners. That’s why turned to a gateway product from FaceTime Communications Inc. in Foster City, Calif. Other gateway vendors include Akonix Systems Inc., Inc. and AOL.

These systems can either route instant messages on the internal corporate network for employee-to-employee communications or interface with consumer IM clients to send messages to outside parties over the
However, a proxy server sits between the clients on both sides of the firewall and scans for viruses, filters content, periodically attaches disclaimers to messages and sends all messages to a database for archiving.

These systems also allow IT to block file transfers, authenticate users and control who’s allowed to use IM. Some gateway products allow conversations to be monitored in real time and even interrupt those that break corporate policies. More common, however, is after-the-fact monitoring. “We do a postreview, because conversations are supposed to happen in real time,” says John Threadgill, managing direc-
Memphis. “The system checks for keywords, and if one appears, the
flagged and a manager is notified.”


Filter content for sensitive keywords. Health care companies might block or flag messages with sensitive patient
whereas
like return.” All companies might disallow certain number
such as those of Social Security numbers.


Encrypt messages. Even with a gateway product, there is still a vulnerability: “What happens to the message when it’s out on the Internet?” asks IDC analyst Robert Mahowold. Consumer IM systems store instant messages on their servers in clear text, which anyone, including hackers, can read.

Encryption is one way to bridge this security gap, although very few companies actually use it because of its complexity and the fact that many products work only if both parties use the same encryption software. Another approach, offered by AOL and VeriSign Inc., is to certify instant messages sent to partners. However, Mahowold says, “it’s a payment level on top of paying for the client and server.”


TIP Hammer home your policy. After closing what gaps you can with technology, the best safety net is to educate users on IM’s security holes. One way to do this with a gateway is to have the system send periodic reminders of policies.

At The Weather Channel Interactive Inc. in Atlanta, which uses Akonix’s system, salespeople who use consumer IM systems get a daily pop-up reminder, says John Penrod, a network architect there. “We want them to keep in mind that we’re not preventing them from putting a dollar mark into IM, but that it would be preferable for them to think about whether that communication should be done in a more secure way,” he says.

Brandel is a Computerworld contributing writer in Grand Rapids, Mich. Contact her at brandels@attbi.com.


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Boost Your 
Security Career 


Tips and strategies for developing a career in information security.

INFORMATION security specialists have it a little better than other professionals in today’s tight job market, but not much. That’s according to Jim Wade, senior vice president and chief information security officer at financial services firm KeyCorp in Cleveland.


Amy Helen Johnson 


The pay is slightly higher, Wade says, maybe 10% more than for other positions at comparable levels, and a high-quality candidate, especially in the senior-level ranks, should have no problem finding interested employers.

To become a top-ranked information security specialist, you have to make the right moves. Here are some tips to help you manage your information security career.

TIP Get the right certifications, says Wade. There are three types: vendor- and technology-specific, skills-based, and knowledge-based. You’ll likely need all three at different places in your career.

When first starting, he says, knowledge of a specific technology, like firewalls, is good for operations jobs. The next step, demonstrating a skill such as intrusion-detection expertise, earns you entry into specific projects. When you want to move into management roles, a broad-based certification, like Certified Information Systems Security Professional (CISSP) or Certified Information Security Auditor, is the way to go. (Wade is also president of International Information Systems Security Certification Consortium Inc., a professional standards group for the security industry and the body that oversees the CISSP test.)

The better certifications account for the fact that information security is a continual learning process, says Kerry Anderson, vice president and information security officer at Boston-based FMR Corp., the parent company of Fidelity Investments. So look for ones that require continuing education credits to maintain your status. They indicate that you stay up to date in this changing field. Ones that require you to demonstrate on-the-job experience are also more valuable to employers, she says.

TIP Consider earning a graduate degree in information security, says Wade. Look for programs that combine technical training with business strategy courses; today’s security professional has to be as savvy about corporate financial goals as about Unix security holes. Two places to check out: Purdue University and Idaho State University.

If you’re looking for more academic programs, Anderson suggests researching the universities recognized by the National Security Agency as Centers of Academic Excellence in Information Assurance Education. That list is available at www.nsa.gov.

TIP Increase your disaster recovery and risk management skills, says Kenneth Davis, director of information security at Allstate Insurance Co. in Northbrook, Ill. People with disaster recovery skills are vital to businesses because they keep operations running in an emergency. The need for people with risk management expertise arises out of recent government regulations that require businesses such as financial services firms and health care providers to protect personal data.

TIP Build a home laboratory, says Tom Baltis, manager of risk management at Allstate. Readily available freeware or shareware versions of many commonly used technologies put such a lab within the means of most people, he says. This gives professionals the opportunity to acquire knowledge of the underlying theories and uses of security tools, skills that transfer regardless of the actual product used.

TIP Give something back to the information security community, says Wade. The best way to do that, he says, is to work with standards bodies and professional organizations to develop best practices and enhance the common body of knowledge.

TIP Get on a project working with strategic partners, such as vendors, service providers and customers, Wade says. This gives you valuable experience in an area of growing importance: providing adequate levels of security when the risks arise from connecting to systems outside your infrastructure.

TIP Consider an internship in school, says Wade. Not only will you get practical, real-world experience, but you’ll also make valuable contacts for your postgraduation job search.

Information security jobs are everywhere, from Fortune 500 companies to mom-and-pop businesses, and in every state, says Davis. That means you have a good chance of being able to find work where you live. And if you’re willing to relocate, the chances of finding your dream job increase.


Take a second look at government jobs, says
higher salaries and better opportunities industry, the U.S. government is adapting its traditionally rigid employment practices to recruit and retain more information security professionals.

Johnson is a Computerworld contributing writer. You can reach her at amy-helen@pobox.com.
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Aneclectic collection 


and resources. Mitch Betts 


Spyware Bots: They’re Everywhere

Some of them are innocuous, just tracking Web site visits. But “spyware bots,” software modules deposited onto PCs without the user’s knowledge, are the truest form of Trojan horses, says Jim Hurley, an analyst at Aberdeen Group Inc.

Some of these bots are treacherous, he says, capable of hijacking the browser, capturing keystrokes, sniffing passwords, collecting confidential data, piggybacking on telecommunications services and allowing outsiders to take control of the PC.

Spyware makes its way into the bowels of the PC when new software packages are installed or upgraded. In addition, e-mail and Web portals contain self-installing spyware agents, Hurley explains.

Few people know that their PC is riddled with spyware bots, which communicate the information they collect to Web sites. Neither antivirus software nor firewalls can stop them.

every home, corporation and government agency throughout the world,” Hurley asserts. His recommendation: Type spyware in a Web search engine and get one of the spyware detection-and-elimination tools listed there to find out what sort of spies are lurking in your PC.


eZ 


Yield Private Data 


MIT researchers have confirmed that many resold and discarded computers, even those with “erased” hard disks, harbor confidential data such as credit card numbers and medical records that can readily be recovered.

Scavenging through the data left on 158 secondhand disk drives, the researchers found more than 5,000 credit card numbers, as well as detailed personal and corporate records. One disk apparently came from an automated teller machine and had a year’s worth of financial transactions.

Many of the disk drives had been reformatted, or the Documents folder had been deleted, but that didn’t make the data unreadable. In all, only drives were properly sanitized, the researchers reported in the journal IEEE Security and Privacy.


Patent Watch 


method for detecting security vulnerabilities in a Web application. Most scanners look for vulnerabilities at the network level, but this one probes for security weaknesses at the application level. U.S. Patent No. 6,584,569, issued June 24 to Eran Reshef, Yuval El-Hanany, Gil Raanan and Tom Tsarfati, for Sanctum Ltd. in Herzelia, Israel.

“digital persona” for providing access to personal information. An information server stores a person’s identifying information and privacy preferences. If another computer requests the personal data, the digital persona server compares the request with the privacy preferences and either approves the release of the data or denies the request if the conditions are unacceptable. U.S. Patent No. 6,581,059, issued June 17 to Robert Carl Barrett and Paul Philip Maglio, for IBM.


Unisys Suite Detects 
Criminal Patterns 


Unisys Corp. recently unveiled the Active Risk Monitoring System (ARMS), software that may help banks spot patterns of seemingly unrelated events that add up to potential fraud, identity theft or money laundering.

Actimize Ltd. in New York provides the underlying analytics technology, which monitors transactions in real time, identifies patterns of suspicious behavior and flags transactions according to predefined criteria.

For example, suppose a criminal uses stolen ATM cards in succession to withdraw $500 each time. None of those transactions taken alone would raise a flag, but ARMS can detect a change in the rate of transactions during a certain time period or spot the increased number of cards that have never been used at that ATM before, Unisys says.

Paul Roberts, IDG News Service
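
The two signals described above (a jump in transaction rate at one ATM, and a cluster of cards never seen at that ATM before) can be sketched in C. This is an added example, not Unisys or Actimize code; the record layout, window length, thresholds and the sample log are all constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define FLAG_RATE      1   /* transaction rate jumped versus the prior window */
#define FLAG_NEW_CARDS 2   /* many cards with no history at this ATM          */

/* Hypothetical record layout; the log must be sorted by timestamp. */
struct txn {
    long ts;       /* seconds since an arbitrary epoch */
    int  atm_id;
    int  card_id;
    int  amount;   /* whole dollars */
};

/* Constructed sample: ordinary use of ATM 7, then six unfamiliar cards
 * each withdrawing $500 within five minutes. No single row is unusual. */
static const struct txn SAMPLE_LOG[] = {
    {1000, 7, 100,  60}, {2500, 7, 101,  40}, {4000, 7, 100,  80},
    {5200, 7, 102,  20}, {6900, 7, 101, 100}, {7300, 7, 201, 500},
    {7350, 9, 100,  50}, {7360, 7, 202, 500}, {7420, 7, 203, 500},
    {7480, 7, 204, 500}, {7540, 7, 205, 500}, {7600, 7, 206, 500},
};
#define SAMPLE_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

/* Window is half-open: (end - window, end]. */
static int in_window(long ts, long end, long window)
{
    return ts > end - window && ts <= end;
}

static int count_in_window(const struct txn *log, size_t n, int atm,
                           long end, long window)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (log[i].atm_id == atm && in_window(log[i].ts, end, window))
            count++;
    return count;
}

/* Was this card used at this ATM in any row before index `upto`? */
static int seen_before(const struct txn *log, size_t upto, int atm, int card)
{
    for (size_t i = 0; i < upto; i++)
        if (log[i].atm_id == atm && log[i].card_id == card)
            return 1;
    return 0;
}

/* Cards whose first-ever use at this ATM falls inside the window. */
static int new_cards_in_window(const struct txn *log, size_t n, int atm,
                               long end, long window)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (log[i].atm_id == atm && in_window(log[i].ts, end, window) &&
            !seen_before(log, i, atm, log[i].card_id))
            count++;
    return count;
}

/* Compare the current window with the one just before it, then check the
 * count of first-time cards. Returns a bitmask of FLAG_* values. */
static int score_atm(const struct txn *log, size_t n, int atm, long end,
                     long window, int rate_factor, int new_card_limit)
{
    int now   = count_in_window(log, n, atm, end, window);
    int prev  = count_in_window(log, n, atm, end - window, window);
    int base  = prev > 0 ? prev : 1;
    int flags = 0;

    if (now >= rate_factor * base)
        flags |= FLAG_RATE;
    if (new_cards_in_window(log, n, atm, end, window) >= new_card_limit)
        flags |= FLAG_NEW_CARDS;
    return flags;
}

int main(void)
{
    /* One-hour windows, flag at 2x the prior rate or 5 first-time cards. */
    printf("ATM 7 before burst: %d\n",
           score_atm(SAMPLE_LOG, SAMPLE_LEN, 7, 6900, 3600, 2, 5));
    printf("ATM 7 after burst:  %d\n",
           score_atm(SAMPLE_LOG, SAMPLE_LEN, 7, 7600, 3600, 2, 5));
    printf("ATM 9:              %d\n",
           score_atm(SAMPLE_LOG, SAMPLE_LEN, 9, 7600, 3600, 2, 5));
    return 0;
}
```

The withdrawal amounts never enter the scoring, which mirrors the point of the passage: the pattern is in the rate and the card history, not in any single transaction.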
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Financial 


The state of security at financial institutions around the world:

budget developed countries.

establish in the next two years the position of chief security officer or chief information security officer.

40% have a chief privacy officer, and another intend to appoint one within the next two years.

39% acknowledged that their systems had been compromised in some way within the past year.

24% have cyber risk insurance, and another intend to acquire such coverage.

Base: Survey of corporate security and IT managers at 80 financial services companies worldwide

SOURCE: 2003 GLOBAL SECURITY SURVEY BY DELOITTE TOUCHE TOHMATSU, NEW YORK, JUNE 2003




“Security spending can’t continue to consume ever-increasing portions of the budget. No enterprise can afford to spend more on insurance than on new product development. By 2005, security groups that can’t demonstrate security effectiveness metrics will experience flat or declining security funding.”

JOHN PESCATORE, ANALYST, GARTNER INC.
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Buffer Overflow 


DEFINITION

A buffer overflow occurs when a computer program attempts to stuff more data into a buffer (a defined temporary storage area) than it can hold. The excess data bits then overwrite valid data and can even be interpreted as program code and executed.


RUSSELL KAY

IS THERE too much of a good thing? It’s certainly true for computer input. Do an Internet search on the term buffer overflow, and you’ll come up with hundreds of thousands of links, most related to security.

In the National Institute of Standards and Technology’s ICAT index of computer vulnerabilities (http://icat.nist.gov), six of the top involve buffer overflows. In 1999, the now-defunct research firm Hurwitz Group Inc. named buffer overflow the No. computer vulnerability. Four years later, it’s still a major problem.

If you’ve ever poured a gallon of water into a pint-size pot, you know what overflow means: water spills all around.

Inside a computer, something similar happens if you try to store too much data in a space designed for less. Input normally goes into a temporary storage area, called a buffer, whose length is defined in the program or the operating system.

Ideally, programs check data length and don’t let you input an overlong data string. But most programs assume that data will always fit into the space assigned to it. Operating systems use buffers called stacks, where data is stored temporarily between operations. These, too, can overflow.

When a too-long data string goes into the buffer, any excess is written into the area of memory immediately following that reserved for the buffer, which might be another data storage buffer, a pointer to the next instruction or another program’s output area. Whatever is there is overwritten and destroyed.

That in itself is a problem. Just trashing a piece of data or set of instructions might cause a program or the operating system to crash. But much worse could happen. The extra bits might be interpreted as instructions and executed; they could do almost anything and would execute at the level of privilege (which could be root, the highest level) assigned to that particular memory area.


Bad Programming

Buffer overflow results from a well-known, easily understood programming error. If a program doesn’t check for overflow on each character and stop accepting data when its buffer is filled, a potential buffer overflow is waiting to happen. However, such checking has been regarded as unproductive overhead; when computers were less powerful and had less memory, there was some justification for not making such checks. Moore’s Law has removed that excuse, but we’re still running a lot of code written years ago, even inside current releases of major applications.

Some programming languages are immune to buffer overflow: Perl automatically resizes arrays, and Ada95 detects and prevents buffer overflows. However, C, the most widely used programming language today, has no built-in bounds checking, and C programs often write past the end of a character array.

Also, the standard C library has many functions for copying or appending strings that do no boundary checking. C++ is slightly better but can still create buffer overflows.
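
The missing length check, and what it costs, can be shown in a few lines of C. This is an added example, not code from the article; the struct layout, names and sizes are constructed, and the unchecked copy is deliberately confined to one struct so the overwrite of the neighboring field can be observed without undefined behavior.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN       16
#define NEIGHBOR_INIT 0x12345678u

/* Constructed layout: a fixed-size buffer with another value stored
 * directly after it, standing in for "the area of memory immediately
 * following that reserved for the buffer". */
struct record {
    char     buf[BUF_LEN];
    uint32_t neighbor;
};

/* Unchecked copy: writes as many bytes as the caller supplies and never
 * compares that count with BUF_LEN, which is the programming error the
 * article describes. To keep the demo well defined, the write goes through
 * a byte pointer to the whole struct and is clamped to the struct's size,
 * so the excess lands in `neighbor` and nowhere else. */
static void copy_unchecked(struct record *r, const char *src, size_t n)
{
    if (n > sizeof *r)
        n = sizeof *r;
    memcpy((unsigned char *)r, src, n);
}

/* Checked copy: refuses any input that does not fit, terminator included. */
static int copy_checked(struct record *r, const char *src, size_t n)
{
    if (n >= sizeof r->buf)
        return -1;
    memcpy(r->buf, src, n);
    r->buf[n] = '\0';
    return 0;
}

/* Helpers: feed n bytes of 'A' to each copy routine on a fresh record. */
static void make_input(char *dst, size_t len)
{
    memset(dst, 'A', len);
}

static uint32_t neighbor_after_unchecked(size_t n)
{
    char input[64];
    struct record r = { {0}, NEIGHBOR_INIT };
    make_input(input, sizeof input);
    copy_unchecked(&r, input, n);
    return r.neighbor;
}

static int checked_status(size_t n)
{
    char input[64];
    struct record r = { {0}, NEIGHBOR_INIT };
    make_input(input, sizeof input);
    return copy_checked(&r, input, n);
}

static uint32_t neighbor_after_checked(size_t n)
{
    char input[64];
    struct record r = { {0}, NEIGHBOR_INIT };
    make_input(input, sizeof input);
    (void)copy_checked(&r, input, n);
    return r.neighbor;
}

int main(void)
{
    printf("unchecked,  8 bytes: neighbor = %08x\n",
           (unsigned)neighbor_after_unchecked(8));
    printf("unchecked, 20 bytes: neighbor = %08x\n",
           (unsigned)neighbor_after_unchecked(20));
    printf("checked,   20 bytes: status = %d, neighbor = %08x\n",
           checked_status(20), (unsigned)neighbor_after_checked(20));
    return 0;
}
```

With 20 bytes of input the unchecked copy replaces the neighboring value with four `A` bytes (0x41414141), while the checked copy rejects the input and leaves it intact.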


Cracker’s Choice

Buffer overflow has become one of the preferred attack methods for writers of viruses and Trojan horse programs. Crackers are adept at finding programs where they can overfill buffers and trigger specific actions running under root privilege, say, telling the computer to damage files, change data, disclose sensitive information or create a trapdoor access point.

In July 2000, it was discovered that Microsoft Outlook and Outlook Express let attackers compromise target computers simply by sending e-mail messages. No one even had to open a message; as soon as the user downloaded the message, message-header routines went into action with unchecked buffers that could overflow and trigger code execution. Microsoft has since created a patch that eliminates the vulnerability.


Kay is a Computerworld contributing writer in Worcester, Mass. Contact him at russkay@charter.net.
A simple example showing how it works and can be exploited. First, consider this program:


erate S12 times 


The following is what happens when this function is executed:

Our function is using a buffer 240 bytes long, which happens to be located at memory address 00000077.

Buffer address (4 bytes): 00000077
Buffer contents (240 bytes): [blank]
Old base pointer (4 bytes): 12345678

Buffer address (4 bytes): 00000077
Buffer contents (240 bytes):
Old base pointer (4 bytes): 12345678
Return instruction pointer (4 bytes): 00401000

overflow into the next memory area, overwriting the old base pointer and the return instruction pointer.

Buffer address (4 bytes): 00000077
Buffer contents (240 bytes):
Old base pointer (4 bytes):
Return instruction pointer (4 bytes):

Now suppose that instead of just writing A’s, the function inserts malicious code.

Buffer address (4 bytes): 00000077
Buffer contents (240 bytes): This is evil

After the buffer is filled with the malicious code, the old base pointer is overwritten.

Buffer address (4 bytes): 00000077
Buffer contents (240 bytes): This is evil code....
Old base pointer (4 bytes):
Return instruction pointer (4 bytes): 00401000

with random values but with the address of the buffer itself, which now contains malicious code. (The address can usually

Buffer address (4 bytes): 00000077
Return instruction pointer (4 bytes): 00000077

location referenced by the instruction pointer and thus begin to execute the malicious code.
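
The sidebar's memory layout, as an added example that is not part of the original article: this C program simulates the 240-byte buffer followed by the old base pointer (12345678) and the return instruction pointer (00401000) in one flat array, then fills it with A's through a copy loop that never checks the buffer length and through one that stops accepting data when the buffer is full. The 4-byte field width, the big-endian byte order and every function name are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame using the sidebar's layout: a 240-byte buffer, then the
 * old base pointer, then the return instruction pointer. Everything lives
 * in one flat array, so the "overflow" never leaves the simulation.
 * Assumption of this example: both saved values are 4 bytes, big-endian. */
enum { BUF_LEN = 240, OFF_OLD_BP = 240, OFF_RET = 244, FRAME_LEN = 248 };

#define SAVED_OLD_BP 0x12345678u /* old base pointer shown in the sidebar */
#define SAVED_RET    0x00401000u /* return instruction pointer shown there */

static void store32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24);
    p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);
    p[3] = (unsigned char)v;
}

static uint32_t load32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Blank buffer plus the two saved values, as in the sidebar's first table. */
void frame_init(unsigned char *frame)
{
    memset(frame, 0, BUF_LEN);
    store32(frame + OFF_OLD_BP, SAVED_OLD_BP);
    store32(frame + OFF_RET, SAVED_RET);
}

uint32_t frame_old_bp(const unsigned char *frame)
{
    return load32(frame + OFF_OLD_BP);
}

uint32_t frame_ret(const unsigned char *frame)
{
    return load32(frame + OFF_RET);
}

/* Returns 1 if both saved values still hold what frame_init() stored. */
int frame_intact(const unsigned char *frame)
{
    return frame_old_bp(frame) == SAVED_OLD_BP && frame_ret(frame) == SAVED_RET;
}

/* The programming error: the loop trusts n and never compares it with
 * BUF_LEN. (FRAME_LEN only keeps the simulation inside its own array.) */
size_t unchecked_copy(unsigned char *frame, const unsigned char *src, size_t n)
{
    size_t i;
    for (i = 0; i < n && i < FRAME_LEN; i++)
        frame[i] = src[i];
    return i;
}

/* The fix: check on every byte and stop accepting data once the buffer is
 * full. A return value smaller than n means the excess was refused. */
size_t checked_copy(unsigned char *frame, const unsigned char *src, size_t n)
{
    size_t i;
    for (i = 0; i < n && i < BUF_LEN; i++)
        frame[i] = src[i];
    return i;
}

int main(void)
{
    unsigned char frame[FRAME_LEN];
    unsigned char input[FRAME_LEN];
    size_t kept;

    memset(input, 'A', sizeof input); /* constructed input: 248 'A' bytes */

    frame_init(frame);
    kept = unchecked_copy(frame, input, sizeof input);
    printf("unchecked: stored %lu bytes, old bp %08lx, return %08lx, intact=%d\n",
           (unsigned long)kept, (unsigned long)frame_old_bp(frame),
           (unsigned long)frame_ret(frame), frame_intact(frame));

    frame_init(frame);
    kept = checked_copy(frame, input, sizeof input);
    printf("checked:   stored %lu bytes, old bp %08lx, return %08lx, intact=%d\n",
           (unsigned long)kept, (unsigned long)frame_old_bp(frame),
           (unsigned long)frame_ret(frame), frame_intact(frame));
    return 0;
}
```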


Predictions: A Web services security breach will wreck the supply chain. And stolen fingerprints and eye scans will thwart biometric systems.


BYE-BYE INCOMPETENTS 

The fakers, charlatans and incompetents will be purged from the security industry. In three years, 40% of the current gaggle of alleged security professionals will leave the industry for some other professions, many to prison for egregious misrepresentation of their skills. By that time, the Department of Homeland Security will have mandated that all security professionals must pass a skills certification test run by the U.S. military academies.
Thornton May, management consultant and futurist, Biddeford, Maine

XML CATASTROPHE 

In the next two years, there will be a major XML Web services security breach. The consequences will be much more severe than the defaced Web sites and stolen credit cards that caused mostly embarrassment in the early days of e-commerce. Instead, automated production lines will grind to a halt, company bank accounts will be emptied, 100-company-long supply chains will break, and the most proprietary corporate data may be disclosed.
Eugene Kuznetsov, chairman and chief technology officer, DataPower Technology Inc., Cambridge, Mass.

ATTACKS GET SPEEDIER 

As attacks grow more professional in nature, we will see an even greater increase in the speed of threats. For instance, “flash worms” would operate under the premise that a determined hacker could have obtained a list of all (or almost all) of the servers open to the Internet in advance of the release of the worm. Such an attack could infect all vulnerable servers on the Internet in less than seconds. Protecting against these threats will require new, proactive technologies, including behavior blocking, anomaly detection and new forms of heuristics.
Rob Clyde, CTO, Symantec Corp., Cupertino

OFFSHORE TERRORISTS 
Next year, a “sleeper cell” terrorist group will infiltrate the offshore programming industry and be identified as the cause of a widespread worm that will have been injected into the code of a widely used software product.
Tari Schreider, director of the security practice, Extreme Logic Inc., Atlanta


NEW ORGANIZATIONAL CHART 

Public and private companies, in large numbers, will merge physical and data security. They will unify these two independent groups on the organizational chart and convert physical access-control systems from stand-alone systems to network-enabled systems that convert physical access activity into network data. This data about physical access will be correlated with activity reports to provide early detection and warning of security breaches.
Joel Rakow, partner, Tatum Partners, Los Angeles


SURGICAL STRIKES 

Three or four years ago, hackers were taking a haphazard, shotgun approach to Internet attacks, but now they’re using their tools to penetrate very specific and lucrative targets, especially enterprise networks containing valuable intellectual property. These highly targeted attacks are on the rise, each one more intelligent and harmful than the last. By 2005, targeted attacks will account for more than 75% of corporate financial losses from security breaches.

In the next two years, companies will need to build much stronger and more intelligent defenses around every network endpoint touching sensitive information, instead of depending on general perimeter security.
Gregor Freund, CEO, Zone Labs Inc., San Francisco


HORSES AND LOGGERS THREAT 

By the end of 2003, Trojan horses and keystroke loggers will overtake viruses as the greatest threat to users. We’ll see countless malicious attacks each month and most will initially go undetected, causing companies to lose millions of dollars. This problem will be made worse by the proliferation of wireless laptops and other mobile devices, which provide hackers with a back door for infiltrating enterprise networks.
Pete Selda, CEO, WholeSecurity Inc., Austin


STOLEN FINGERPRINTS 

Biometrics is perceived as the ultimate security, but what does somebody do once their bioprint is stolen? Within three years, hackers will have all sorts of scanned fingerprints, retinal patterns, etc., and these will be used to bypass biometric network security. When your credit card is stolen, you phone Visa and have a new card issued. When your bioprint is stolen, do you call God and ask for a new set of fingerprints or eyes?
Malcolm MacTaggart, president and CEO, CryptoCard Corp., Kanata, Ontario


OUTDATED SIGNATURES 
Behavioral-anomaly-based technology will replace traditional signature-based methods to prevent damage from viruses, worms and Trojan horses over the next three to five years.
Jeff Platon, senior director of security marketing, Cisco Systems Inc.

FIRING THE CLUELESS

Barnum knew that a sucker was born every minute. Since most cyber risk is directly attributable to insider activity, including the social engineering of digital dullards, a renewed focus on background checks is necessary. The chief security officer of the future, working with the chief, is going to find and fire digital “suckers” before their dimness puts the enterprise at risk.
Thornton May


Little Blue

The SmartPrint TruBlue, from Labcal Technologies Inc. in Quebec City, combines fingerprint biometric technology with a smart-card authentication reader. The goal of this hybrid device is to eliminate those pesky, complicated passwords. It plugs into a computer’s Universal Serial Bus port.
Mitch Betts
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Nominate 


outstanding leader 
for Computerworld’s 


Premier Leaders 
2004 Awards program 


EACH YEAR, Computerworld editors conduct nationwide search for 

managers and executives who show technology leadership their 
organizations. This prestigious awards program recognizes and honors 
professionals from wide range industries, drawing attention the 


innovative, business-critical 
work they do. 


ELIGIBLE NOMINEES include 
CIOs, CTOs, senior vice presi- 
dents, VPs, directors and 
managers from user compa- 
nies, nonprofits, the computer 


industry and the private sector. 


HONOREES will announced 
Computerworld’s Jan. 
2004, issue and our guests 
the Sth Annual Premier 100 
Leaders Conference, 
March 7-9, 2004, Palm 
Desert, Calif. 


and 
executives who 
Effectively manage and 
business strategies 
Envision innovative 
approaches business 
Foster great ideas and 
creative work environments 
Excel vendor and 
management 
Take calculated risks and 
learn from failure 


The for all nominations this July 18. 
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Lead Software Development En- 
gineer (Denver) - Lead in the 
team effort to design, develop, 
code, test & debug new complex 
software/make significant en- 
hancements to existing complex 
software using knowledge of 
C/C++, Java, SQL; UML, SCM; 
Oracle, PL/SQL, Pro*C; client- 
server programming & database’ 
design; & Unix programming 
Lead review of input for docu- 
mentation of new/existing soft- 
ware. Apply existing & introduce 
new & approved technologies to 
develop solutions using C/C++, 
PL/SQL, rule-based systems on 
a Unix platform. Lead others in 
the application of principles, the- 
ories & concepts & use of 
methodologies, tools, docurnen- 
tation processes & test proce- 
dures to complete projects in- 
cluding Magic Solutions & other 
business process automation 
applications. BS Comp Sci, Eng 
or related. 5 yrs. related experi- 
ence, $93,800/year, M-F 8-5, 
detailed working knowledge of. 
C/C++/Java/SQL, UML, SCM 
design/development tools, Orac- 
le, PL/SQL, Pro*C, Client-server 
programming, Unix program- 
ming. Application by resume 
only to CODOL, Two Park 
Central, Suite 400, 1515 
Arapahoe Street, Denver, CO 


80202; Ref job COS049367 


IT Positions: (St. Louis, MO) 
Programmer Analyst: Develop multi 
-tier busi./mgmt info syst. and per- 
form data modeling/recon.in AS; 
400/ILE environ. using OO, CL pro- 
gram., RPGIV, PDM, RUL, SDA 
and SQL400. 

Test Analyst: Complete testing life 
cycle of GUI/Web-based appis. w/ 
test scripts using SQA /Rational 
Robot, setup data on AS/400 and 
testing populated data in Informix 
db on UNIX w/ SQL query, post 
beta release issues and QA 
process. 

DBA: Design/impiement terabyte- 
size relational Informix db on HP- 
Unix, SUN Solaris & IBM-AIX; db 
structures/objects/logic design; RD- 
BMS backup/recovery strategy; 
tuning/security w/ Informix 4GL, 
VERITAS Netbackup, Shell scripts, 
C, and ESQL/C 


Require BS/BA or the equivalent in 
Comp. Sc., Engr. MIS. or in a close- 
ly related field.(will accept equ 
exp.) plus min.6 mon. exp. in 
offered/related position, and must! 
be able to perform all the duties on 
the day of employment. Full time. 
competitive salary. Resume to 
Crawford Group, Inc. at 
spiatt@erac.com_ include 
“ComputerWorld” in the subject 
line. NO CALL/EOE 


Software Dev. Co. req. Software 
Engr., Duties incl : Take an active 
role in the development and 
maintenance of Object oriented 
multi-threaded SCADA software 
Software Engineer will develop 
software requirements specifica- 
tions, functional specifications, 
software design documents and 
test documents. Design develop 
and implement ladder logic and 
device driver using MODBUS. 
SNP-X, IEC 870 protocol for PLC 
Knowledge of GUI implementa- 
tions is required for both the 
designing and debugging of code 
using VC++. Perform database 
design, develop, maintain and 
implement database _ scripts 
stored procedure and triggers for 
SQL-Server and MS-ACCESS. 
On-site implementation of HMI 
software. Job to be performed at 
Frederick , MD, and at various 
unanticipated client sites through- 
out the U.S. Resp. to IT Director, 
Engineering Systems Solutions, 
Inc. 5726 Industry Lane, 
Frederick, MD 21704. 


Senior Software Engineer 


Develop complex, multi-tiered ap- 
plications, especially Internet ap- 
plications & to design & troubie- 
shoot at all stages of development 
Interact w/customer to understand 
& dea! w/any potential complica- 
tions or special requirements. In 
developing application, must for- 
mulate & develop application de- 
sign using object oriented analysis! 
& design techniques, develop & 
deploy design under operating 
systems UNIX or NT, as well as 
conduct application engineering & 
assist customers in writing applica- 
tions using assorted tools. Posi- 
tion requires extensive amount of 
travel in N. American region. 

Rars: MS in CS, Engineering, or 
related or equivalent. A BS w/5 
years of post-baccalaureate pro- 
gressive experience will substitute 
for a Master's degree. Requires 
extensive knowledge in server side 
Java or C++; extensive knowledge 
in developing in UNIX or NT; ex- 
tensive knowledge in development 
using object oriented analysis & 
design techniques; knowledge of 
J2EE standards, including EJB. 
JSP, Serviet Programming, JNDI 
& JBDC; knowledge of e-com- 
merce projects; knowledge in 
XML; & knowledge of directory ser- 
vices. 8:30a.-5:30p. 40 hrs/wk 
$115,000/yr. Submit 2 resumes to 
Case # 200200417, Labor Ex- 
change Office, 19 Staniford St, 1st. 
fi., Boston MA 02114. 


Software Engineer 

Must design & develop complex 
enterprise/distributed systems 
for the Internet using Java, sup- 
porting technologies & tools 
analyze software requirements 
to determine feasibility of design 
within time & cost constraints; 
assist in planning, development. 
& modification of any existing 
application; develop & direct 
software system testing proce- 
dures, programming & docu-' 
mentation; & consult with cus- 
tomer concerning issues of a 
software system. Rqrs: BS in 
CS, E, or related w/2 years soft- 
ware industry experience. Rars 
experience in Java Program- 
ming Language; real-world ex- 
perience designing & building 
Multi-Tier enterprise applica- 
tions, Object-oriented design, & 
relational databases; & experi- 
ence wieither weblogic applica- 
tion server or IBM's websphere 
Application server. Good com- 
munication skills are a must. 
10:00a.-6:00p. 40 hrs/wk 
$74,000/yr. Submit 2 resumes 
to Case # 200201855, Labor 
Exchange Office, 19 Staniford 
St, 1st. fl, Boston MA 02114 


Prog/Analysts to - analyze, 
design, test client server/web 
appis with OOAD methodologies 
using Java, VB, EJB, Servlets, 
JScript, XML, HTML, Oracle, 
SQL, JDBC, Access, Weblogic, 
etc in Windows OS; analyze 
business processes, determine 
reqs, generate reports; docu- 
ment, maintain, debug, test, per- 
form code optimization; OR - 
analyze, develop, maintain s/w 
appis using Oracle Appis, 
Oracle, PL/SQL, Dev 2000, etc! 
under Windows/UNIX OS; con- 
duct functional testing/debug; 
perform data conversions, cus- 
tomize Forms/Reports using 
Oracle Appis standards; docu- 
ment, maintain & update dev 
process. Require: BS or for- 
eign equiv. in CS/Engg (any 
branch) or related field & 2yrs 
exp. in IT. High salary. Travel 
involved. F/T. Resume to: HR, 
Bahwan Cybertek Tech- 
nologies, Inc., 209 West Central 
Street, Ste 312, Natick, MA 


ASP Web Dvipr wanted by 
Multi-Nat'l Mktg & Ad Co. in 
Detroit. Oversee prgmng for 
database web projects using 
ASP; review site specs, meth- 
ods & technology; ensure pro- 
ject deliverables are complet- 
ed to standard; create appli- 
cations to support multi-plat- 
form deployment; trouble- 
shoot; eval/specify hardware; 
mng systs interface. Bach in 
Comp Sci or Engineering & 
2yrs in job offered req. Re- 
spond to: HJ/HR Dpt, PO Bx 
4241, GCS, NY 10163. 


Computers —- Citigroup, Inc 
(Stamford, CT) seeks Software 
Engineers/Developers, Prog 
Analysts/Admins, Project Mgrs, DB 
Architects, QA Engineers w/BS or' 
MS in Comp. Sci, Engineering 
Math, IT Electronics, CIS, MIS, Bus. 
Admin. or related quantitative field 
or equiv. combo. of work exp. & 
educ., &/or exp. in any above or 
similar positions. Exp. in any of the 
following: UNIX, AIX, Sun/Solaris 
PL/SQL, Sybase, Oracle, C++ 
ProC, VB, ASP, Visual Interdev, 
Java, JavaScript, Oracle, Netscape, 
MS, IIS, Shell Scripting, HTML, Fox 
Pro, Perl, Windows NT, Networking 
Security tools, QC, Encryption 
Tools, CASE tools, e-Commerce’ 
technologics. Forward resume to 
Attn: DT, 100 First StamfordPlace 
Stamford, CT 06902. No calls or 
faxes, please, EOE. M/F/D/V. 


Applications Systems An- 
alyst wanted by Lux Resort 
& Casino in FL. Analyze, 
design/redesign, dvip & 
support internet initiatives 
& web pgs; install & sup- 
port server; work w/team to 
dvip corp intranet; dvip 
custom appl based inter- 
faces. Bach in Comp Sci & 
2yrs exp in job offered req. 
Respond to: Recruitment 
Mngr/Kerzner, 1000 S Pine 
Island Rd, Plantation, FL 
33324. 


K Kama Consulting Inc. 


TOP $$'s, W2 or 1099 


We are a fast growing 
Consulting company based 
in New Jersey. 
Excellent opportunities for 
Programmers, 
Systems Analysts, DBAs. 


Sun Solaris System Admins, 
Natural, Webshere, 
ADABAS, ORACLE, SYBASE, 
PROGRESS, COBOL, C++ 
TCPIP, Delphi/VB, Windows NT 


Send your resume to 
Rod McFadden 
Kama Consulting 
Fax: 704-896-9660 
Email: rod@kamaco.com 


PROGRAMMER ANALYSTS for 
Mt. Prospect, IL office. Develop’ 
& maintain software applications 
using Oracle, SQL Server, Er- 
win, Linux, Sybase, XML, UML, 
Interwoven, Coolgen, Clear- 
Case, ClearQuest, Plumtree, 
PVCS, UNIX. Bachelors Degree 
teqrd in Computers, Engin- 
eering, Math or related field of 
study + 2yrs of related exp. 40 
hrs/wk; Must have legal authori- 
ty to work permanently in the 
U.S. Send resume to HR 
Manager, Magnum Technol- 
ogies, Inc. 1000 Arbor Court, Mt 
Prospect, IL 60056. 


Sr. Software Engineer (with 
Bachelors degree and 5 years 
experience) - West Chester, 
OH. Job entails and requires 
experience in design and 
development of applications 
using, Oracle, Visual Basic, 12 
Demand Planner, PL/SQL, 
Perl Script and Unix. 
Relocation within USA possi- 
ble. Attractive compensation 
package. Send resume to 
Catherine Fanucchi, SDG 
Corporation. 65 Water Street 
Norwalk, CT 06854. 


Paradigm Infotech is looking for 
programmer/system analysts, 
s/w engineers. Candidate must 
have BS with at least one-year 
IT experience. Good skills in 
C/C++, Java, Oracle, WebLogic, 
VB, HTML, ERP are plus. 
Traveling is required. Apply 
jobs@paradigminfotech.com 
EOE 


Synova Inc is seeking profes- 
sionals with following skills 
Programmer/System Analysts 
Engineers in Mainframe, Web 
Tech, Technical/functional (SAP 
& Peoplesoft), Java, VB, 
Rational/RUP, UML, J2EE, Unix 
DBA, Oracle, SQL DBAs 
Respond to: 

ads@synovainc.com 


System Analyst wanted to 
analyze data processing 
problems for application to 
electronic data processing 
systems; analyze user re- 
quirements, procedures, 
and problems to automate 
or improve existing sys- 
tems, and related duties. 
BS in CS or in Electrical 
Eng. 2 yrs exp Required. 
Send resume to Advanced 
Control Systems Cerp., 35 
Corporate Park  ODpr., 
Pembroke, MA 02359. 


Software Engineer 
(Monrovia, MD) for 
s/ware product co. 
Reqs: Bach degree 
Comp Sci/Comp Eng 
job offrd relatd. 
Send 


Monrovia, 
21770, attn: Lance 


Engineering Programmer 
sought to convert engi- 
neering formulations into 
computer programs to be 
used for oil drilling equip- 
ment. Program and cus- 
tomize drilling rig systems 
to meet the clients’ needs, 
perform related 
duties. B.S. in Computer 
Science and experience 
required. Send resume to 
EMER International, Inc., 
19424 Park Row, Suite 
104, Houston, TX 77084. 


BitsOfCode Software Sys- 
tems, Inc. (Katy, TX) is seek- 
ing System Analysts. 6 mon. 
exp. using C#, C++, C, Java, 
TIBCO, FIX, FiXML, XML/ 
XSLT/DHTML, J2EE/Swing, 
TOPS Financial Modules, 
Reuters/Tibco Market Feeds, 
JRun, COM/DCOM/Activex, 
JNI, JDBC, Excel VBA, Or- 
acle, SQL, Javelin Appia, B2B 
Fix, JBuilder and Weblogic. 
B.S. required. Send resume 
to 22523 Westbrook Cinco 
Ln, Katy, TX 77450. 888-423- 
4993(F)/281-693-2633(T). 
Attn: Joseph Koothrappally. 


System Admins. to analyze, 
design/develop appis using 
Lotus Notes, Lotus Script, 
JScript, HTML, XML, Oracle, 
MS SQL Server, etc. under 
UNIX/Windows OS; _ install, 
administer/configure Lotus 
Notes R4/R5, Domino R6, 
Windows NT, maintain backup, 
schedule maintenance, adminis- 
ter user accounts, provide user’ 
support for network problems. 
Require: B.S. or foreign equiv in 
CS/Engg(any branch) with 2 yrs 
exp in system admin. High 
Salary. F/T. Travel involved. 
Resume to: HR, Salem 
Associates, Inc., 405, 6th Ave., 
Ste 102, Des Moines, IA 50309. 
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Programmers to analyze, 
design, test data warehousing / 
data mart, software appls and 
ETL tools like Informatica and 
Cognos, Oracle, MS SQL 
Server, Dev 2000 under 
Windows OS OR analyze, 
design buss./scientific appis 
using SAP R/3, ABAP, VB, 
Oracle, SQL Server on UNIX/ 
Windows envir.; gather and doc- 
ument reqs from user communi- 
ty; test/troubleshoot project 
appin code according to system 
objectives. Require: B.S. or for- 
eign equiv. in CS/Engg. (any 
branch) and 6 months exp in IT. 
In lieu of BS, 3yrs of academic 
Studies towards a Bachelors 
plus 1 yr of exp in IT will be 
acceptedHigh salary. Travel 
involved. F/T. Respond to 
Smartsoft International, Inc., 
4898, South Old Peachtree Rd. 
Ste 200, Norcross, GA 30071 


ComSpec International is look- 
ing for system/programmer ana- 
lysts. Duties include design test 
data and test plan, use Uniface 
Oracle, Access XP, Crystal 
Report. Quaiified applicants 
must have BS with exp as soft- 
ware developer. Please contact 
R.Brender@comspec-intn!.com 
EOE. 


Corpus has multiple openings 
for IT professionals. Following 
skills preferred: Oracle, SQL 
PL/SQL, COBOL, C/C++, VB. 
SAP, Java, XML, ERP, ASP, NT, 
XSL. Minimum BS degree. 
Traveling is required for some 
positions. Please send resumes 
to info@corpusinc.com. EOE 


Seeking qualified applicants for 
the following positions in 
Memphis. TN: Senior Systems 
Programmer. Devise proce- 
dures to solve complex systems 
and applications problems. 
Requirements: Bachelor's deg- 
ree* in computer science, MIS, 
engineering or related field plus 
5 years of experience in sys- 
tems programming. Experience 
with UNIX, C and logistics code 
development also required 
*Master’s degree in appropriate 
field will offset 2 years of gener- 
al experience. Submit resumes 
to Sibi George, FedEx 
Corporate Services, 1900 
Summit Tower Bivd., Suite 1400, 
Orlando, FL 32810. EOE 
M/F/D/V. 


Manager of Customer Appli- 
cations wanted by shipping 
and container co. in Tampa, 
FL. Must have a minimum 4 
years exp. as a Computer 
Systems Analyst/Programmer 
Analyst or related occupation, 
with 4 yrs. exp. with AS400/ 
iSeries programming including 
CL, RPG, 2 yrs. exp. using 
RPGIV/ILE and 1 yr. exp. using 
Robot, Implementer and 
Hawkeye Pathfinder. Refer to 
Job #IMG100 Lykes Lines 
Limited, LLC (CP Ships), 401 
East Jackson St., Suite 3300, 
Tampa, Florida 33602. 


Check out our jobs 
the combined 
CareerJournal.com 


database. 
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Programmer/Analyst needed for 
analysis and design of systems 
solutions across multiple techni- 
cal and business environments 
Requires 3 years of experience 
in job offered or in related occu- 
pation of Programmer. Exper- 
ience must include 3 years 
with Visual Basic and Oracle 
and/or SQL; and 2 years with 
ASP and Javascript. Salary 
offered: $69,030. Send res- 
umes to Bureau of Labor Stand- 
ards, 45 State House Station 
Augusta, Maine 04333-0045 
Refer to job order #38081 for 
Programmer Analyst 


Prog/Analyststo design, devel- 
op/deploy complex appis using 
Cold Fusion, Oracle, Java, 
Jscript, HTML. SQL Server, Cold 
Fusion App. Server, WebLogic, 
etc. under Windows OS; ana- 
lyze functional and user reqand- 
new tech. to solve business 
problems; test, troubleshoot 
and debug appls. Require: B.S 
or foreign equiv in CS/Engg (any 
branch) field with 2 yrs exp in IT. 
High salary. F/T position. Travel 
Required. Resume to HR 
Smartsoft international, Inc., 
4898, South Old Peachtree Rd 
Norcross, GA 30071 


S/W Enggs to analyze, design 
develop appls using C++, Java, 
CORBA, EJB, JDBC, JSP. 
Rational Rose, CGI, SQL, 
Oracle, Crystal Reports 
Weblogic under Windows/UNIX 
OS; perform project scoping 
project planning project time; 
cost schedules, quality of deliv- 
erables; study, evaluate new 
tech/methodologies; provide 
technical guidance for compiex 
user problems. Require: MS or 
foreign equiv. in CS/Engg. (any 
branch) & 1 yr exp. in IT. High 
Salary. F/T. Travel involved 
Respond to: HR, Unilinx, Inc., 
4625 Alexander Or., Ste 110 
Alpharetta, GA 30022 


Programmer Analysts: Plan, de- 
sign, deveiop, configure, code, im- 
plement & analyze computer pro- 
grams & systems. Modify existing 
application and provide systems 
support. Analyze users requirement 
to enhance system performance. 
Req. Bachelor's degree or equiva- 
lent in CS, CE, EE (Electrical or 
Electronic and Communication En- 
gineering). Must be proficient in 
either C++ , Oracle, PowerBuilder, 
MCSE, CCIE, Unix Shell-program- 
ming, CrystalReports, CCNA, or 
Rational Rose. 40hr/wk, 9:00 a.m.- 
5:00 p.m. Send resume to Think 
Development Systems, inc., 6292 
Lawrenceville Hwy., Suite-C, 
Tucker, GA 30084. 


Software Engineers. Analyze 
requirements, formulate design, 
test, modify and develop sys- 
tems/software appins; using 
MQ Series, Weblogic, J2EE, 
RMI, JMS, JDBC. JNDI, JTA, 
TIBCO, UML, Netscape Direct- 
ory Server, Oracle, DB2, PL/ 
SQL, etc. to determine feasibili- 
ty; prepare & design specs; 
develop testing procedures. 
Reqd. BS or Equiv. in edu & 
exp. in CS/Engg/Maths/related 
plus 2 yrs exp. Comp. salary, 
send resume to HR Surecom 

82 West Main Street, 


Senior Software Engineer (Port- 
land, Oregon) - Responsible for 
full life-cycle development of ob- 
ject-oriented multithreaded Win- 
dows applications using Visual 
C++ to provide network wide 
system solutions to report and 
controi network consumption 
and improve end-user response 
time. Develop algorithms for 
Socket based TCP/IP applica- 
tions to manage distributed 
components that align network 
consumption for customers 
needs. Use Layered Service 
Provider ("LSP") technology to 
implement product features 
Must have Bach. deg. or equiv. 
in Comp. Sci., Eng. or related 
field. Must have 5 yrs of exp. in 
the job offered or 5 yrs in a posi- 
tion involving full life cycle devel- 
opment of object-oriented Win- 
dows applications using Visual 
C++. Exp. mentioned may have 
been obtained concurrently and 
must include: (i) 1 yr of exp. de- 
veloping algorithms for Windows 
Socket based TCP/IP applica- 
tions to manage distributed 
components; (ii) 2 yrs of exp. 
building multithreaded apps for 
Microsoft Windows platform 
and (iii) 1 yr of exp. impiement- 
ing product features using LSP 
technology. Must be legally 
authorized to work in the U.S. 
Please send resume to S 
Pandya (REF:SSE), Centrisoft 
Corp., 707 Southwest Washing- 
ton, Suite 1200, Portland, OR 
97205. 


Applications Support Analyst, On- 
tario, CA. Consult w/ SAP users to 
identify & analyze SAP processes 
& issues. Redefine SAP process- 
es, recommend & help impiement 
changes. Change, maintain & doc- 
ument Warehouse SAP processes 
per ISO 2000. Assist QA Dept. & 
processes, & act as Internal ISO 
Auditor for Configuration Ctr. 
“Write up” user needs, prog. func- 
tions, & steps to develop/modify 
relevant programs & syst, prep. 
workflow charts & diagrams re 
same. Help resolve work problems 
re: flow charts, project specs, pro- 
gramming. BS or equiv + 1 yr 
experience, incl. QA. Fluent SAP 
R/3, AliClear, Visual C++ & C++ 
HTML, ASP, Rational Rose. Send 
resume to VP, HR, En Pointe 
Technologies, 100 N. Sepulveda 
Bivd., 19th FI., El Segundo, CA 
90245. 


Programmers to  analyze/ 
design database & other soft- 
ware appis using Oracle, SQL, 
Visual Basic, Active X, 
FormBuilder etc under 
Windows and UNIX OS; devel- 
op system spec; enhance and 
modify existing appls; study, 
evaluate new tech/methodolo- 
gies; provide technical guid- 
ance for complex user prob- 
lems. Requires B.S. or foreign 
equiv. in CS/Engg. (any branch) 
& 6 months of exp. in IT. Apply 
by resume to: HR, Fourth 
Technologies, inc., 585 Toligate 
Rad., Ste |, Elgin, 60123. 


Senior Software Engineer 
sought by legal information 
services co. with office in 
Glendale, CA. Exp in VB, 
OOAD methodology, COM, 
UML, DHTML, XML, ASP, 
C++/Java, IIS, ADO, C#, 
NET, Oracle, Crystal Reports 
and SQL Server. Analyze, 
design, develop, test & sup- 
port web-based e-commerce 
applications for MS Windows 
Resumes to HR Dept., CCH 
Legal Information Services, 
Inc., 111 Eighth Ave, NY, NY 
10011. 


InfoWorld 


Meet With Leading Employers The... 


CHICAGO, PHILADELPHIA, 


600 £. Grand Avenue ¢ Chicagy, IL 606114 12th & Arch Street © Philadelphia, PA 19107 


Partial List of Employers includes: ACE Hardware | Partial List of E 
Corporation, ASAP Software, Blockbuster Computer } Financial Adv 
Associates, Orug Enforcement Admini 

GlaxoSmithKline, Liberty Mutual, Merck, Northrop Group, Comcast. 
Grumman Corporation. Office Depot, Progressive of, Administrati 
Insurance, SBC Communications U 


Border Patrol. Verizon Wireless and Wal-Mart Stores 
Exhibit Hours for Both Events: 11:30am Free Admission 
Employers please call Gloriann Clark 310- 


TransUnion, US 


Trustek, inc. Consulting firm is 
seeking Software Engg. w/MS & 
min. 1 yr. exp. or equiv. & Prog 
Analyst w/BS & 2 yrs. exp. or 
equiv. Travel/Relo required any- 
where in US. C, C++, NT, UNIX. 

Perl, CGI, Sybase, .Net 
Studio, VB.Net, ASP.Net, SQL 
Server, WebPages, JavaScript 
VBScript, CORBA, HTML 
DHTML, ASP. CSS, CPM/DCOM 
COM+, Crystal Reports, Archi- 
tecture, Erwin, Developer 2K 
PL/SQL, SQL*Plus, Forms, Re- 
ports, Express, Designer 2K 
Star/Snowflake Schema, Model- 
ing, Java, JSP, XML, XSL, XSLT. 
J2EE, EJB, WebSphere, Web- 
Logic, UML, Rational Rose, JDK 
Swing, Struts, Datawarehousing., 
ETL, OLAP, DSS, Informatica 
(PowerCenter, PowerMart), Cog- 
nos (Impromptu, PowerPlay) 
Brio, Business Objects, SUN 
Solaris, HP-UX, ITO, Veritas. 
EMC, SAN, OpenView, Oracle 
Clinical, ClinTrial, SAS, FDA reg- 
ulations, Validations, Oracle 
Applications, nQuery, People- 
Tools, PeopleCode, PeopleSoft 
SAP R/3, SapScript, SmartScript, 
Idocs, ALE, EDI, BASIS, ABAP. 
BW, APO, ITS, Adaytum, Cognos 
Business Suite.Software Engin- 
eer Position applicant should also 
have exp. in interface w/hardware 
& software. All applicants should 
be able to provide functional 
implementation, config, train, 
analyze, implement, code, test, 
backup, install, manage, cus- 
tomize, tuning, AS-IS study. 
Internet/Intranet applications, 
stored procedures, triggers 
Create database tools, tables, 
files, roles, indexes, space man- 
agement and re-organize. Apply 
wiresumes to Attn: Recruiter, 2 
Ethel Road, Suite 202-C, Edison, 
NJ 08817 


According to a recent poll by Computerworld. that included 
11,500 IT employees, Hershey is “The best place to work if you are 
an IT Professional 


We are currently seeking qualified professionals to serve as SAP 
ERP Business Process Managers. The key responsibility of this role 
is to act as a bridge between the Information Services Group, and 
the HR and Manufacturing organizations, working primarily on 
either the compensation and/or time management modules 
of SAP (2 open positions). In this role you will be responsible for 
all aspects of the implementation lifecycle including: complex 
business process design, development & optimization, SAP
configuration, strategic direction for the integration of various SAP 
modules, testing and the training and development of customer 
and junior team members. You will also be responsible for
customer relationship management, project proposals, leading 
budgeting and resource planning within the area of expertise, and 
providing overall strategic direction regarding the deployment of 
SAP at Hershey Foods Corporation 


The ideal candidate will have:
* Bachelor's of Science degree
* Minimum of 3 years of SAP design and implementation
and a minimum of 10 years in Information Services or an
operational business area
* Ability to lead solutions within a functional/business
process area
* Knowledge of business process improvement programs
within the consumer packaged goods industry or a
related field


Various IT positions also available 
We offer 401(k) and stock plans. Please apply via our website at 


We will only respond to those individuals who will be 
interviewed. Equal Opportunity Employer M/F/D/V. 


Hershey Foods 
pcludes: American Express 
ARK Healthcare Support 
r Channel Radio, Clement 
Federal 
FedEx. Lockheed Martin 
ce. Sovereign Bank, Takeda 
For the latest information, visit 
ERP Business Process 


Sr. SW Engr.- As member of SW developmt. team, design & develop SW & sustain co.'s cutting-edge telephony devices. Will 
develop & enhance serviceability tools & participate in design & code reviews. Will test & integrate telecom products & pro- 
vide critical bug fixes for customers. In addition, will provide customer SW enhancements & use programming/analytical skills 
in order to provide services for debugging. Must have B.S. in Comp. Eng’g, Comp.Sci., E.E. or equiv.+ 5 yrs. exp. in the job 
offered or 5 yrs. progressively responsible post-grad. SW developmt. exp. (5 yrs. exp. must include at least 2.5 years exp. w/ 
Telecom SW development.) In the alternative, employer will accept M.S. in stated fields + 2 yrs relevant exp. Must have 
knowledge in at least one of the following telecom protocols, ISDN or SS7 Call processing, ATM or TCP/IP, as well as strong 
coding skills in C. 40 hrs/wk; Salary: $92,833/yr. Send 2 copies of resume to: Case #200201602 and/or 200201644 , Labor 
Exchange Office, 19 Staniford St 1st Fl, Boston MA 02114 


Sr. SW Engr.- Develop, integrate, maintain & test complex communication protocols including, but not limited to: Sigtran, 
SS7/CCS7 & ISDN. Participate in design & code reviews of new SW & modifica'ns to exist'g SW. Develop, maintain & test 
telecom applications & system SW responsible for configuring & controlling the system, internal communication between SW 
entities, fault tolerant & redundant operation of SW. Analyze & document computerized telecom system SW reqs., function- 
al specs., architectural specs. & design specs. Must have M.S. in Comp. Eng’g, Comp. Sci., E.E. or equiv., + 2 yrs. exp. in 
job offered or 2 yrs. exp. w/telecom SW development. (Exp. may be gained before or after M.S.). In the alternative, employ- 
er will accept Bachelor's degree + 5 yrs. of progressively responsible post-grad SW development exp., including 2 yrs. tele- 
com SW developmt. exp. Must have proficiency in C programming, as well as knowledge of telecom protocols. 40 hrs/wk; 
Salary: $92,833/yr. Send 2 copies of resume to: Case #200201646, 2002 Labor Exchange Office, 19 Staniford St 1st Fl, 
Boston MA 02114 


Sr. SW Engr.- As a member of SW developmt. team, design & develop Element/Network Management SW. Will determine 
SW developmt. process best practices including design & code reviews. Will prepare specs. for Element/Network 
Management SW. Will design & develop Plexus PlexView Element Manager SW. In addition, will test & integrate EM SW 
w/ Plexus 9000 & other products developed by the company as applicable. Must have B.S. in Comp. Sci./Eng’g, 
Electrical/Electronics Eng'g or equiv. + 3 yrs. exp. in job offered or 3 yrs. exp. in SW developmt. Must have developmt. exp. 
w/ element/network mngmt. SW for the telecom industry. Must have exp. develop'g SW applications on UNIX platforms using 
Java and/or C/C++. 40 hrs/wk; Salary: $92,833/yr. Send 2 copies of resume to: Case #200201665, Labor Exchange Office, 
19 Staniford St 1st Fl, Boston MA 02114 


Sr. SW Engr.- As member of SW developmt. team, design & develop SW & sustain co.'s cutting-edge telephony devices. 
Will develop & enhance serviceability tools & participate in design & code reviews. Will test & integrate telecom products & 
provide critical bug fixes for customers. In addition, will provide customer SW enhancements & use program'g/analytical skills 
in order to provide services for debugging. Must have M.S. in Comp. Eng’g, Comp. Sci., E.E. or equiv.+ 2 yrs. exp. in job 
offered or 2 yrs. exp. w/Telecom SW developmt. (exp. may be gained before or after M.S.) In the alternative, employer will 
accept Bachelor’s degree + 5 yrs. of progressively responsible post-grad SW developmt. exp. includ'g at least 2.5 yrs. exp. 
w/telecom SW developmt. Must have knowledge in at least one of the following telecom protocols: ISDN, SS7 Call pro- 
cessing, or TCP/IP as well as strong coding skills in C. 40 hrs/wk; Salary: $92,833/yr. Send 2 copies of resume to: Case # 
200201687, Labor Exchange Office, 19 Staniford St., 1st Fl, Boston MA 02114. 


Sr. SW Engr.- As member of Technical Srvcs. SW developmt team, ensure integrity of design, developmt., implementa'n & 
testing of communications SW for co.'s cutting-edge telecom products. Resolve complex problems caused by anomalies in 
telecom SW for network sub-systems. Reproduce problems in lab. Isolate SW problems in affected module(s). Develop 
interim solu'ns to problems. Assess ways to enhance prod. reliability & serviceability. Recommend process improvements 
to enhance service delivery/offerings. Work closely w/sustain’g engrs. to find root cause analysis of reported anomalies. Must 
have B.S. in Comp. Sci./Eng'g, Electrical/Electronics Eng’g or equiv. + 5 yrs. exp. in job offered or 5 yrs. exp. w/ SW devel- 
opmt. for Telecom Industry. (5 yrs. exp. must be progressively responsible post-grad exp.) Must have in-depth knowledge of 
telecom protocols (i.e. PRI, SS7, ATM, TCP/IP) & scripting languages (i.e. TCL/Expect,UNIX shell programming & PERL as 
well as C/C++). Must have exp. diagnosing & solving complex problems in telecom/data networks. 40 hrs/wk; Salary: 
$92,833/yr. Send 2 copies of resume to: Case #200201688, Labor Exchange Office, 19 Staniford St 1st Fl, Boston MA 02114 


Sr. SW Engr.- As a member of SW developmt. team, design & develop Element/Network Management SW. Will determine 
SW development process best practices includ’g design & code reviews. Will prepare specs. for Element/Network 
Management SW. Will design & develop Plexus PlexView Element Manager SW. In addition, will test & integrate EM SW 
w/ Plexus 9000 & other products developed by the co. as applicable. Must have B.S. in Comp. Sci./Eng’g, 
Electrical/Electronics Eng'g or equiv. + 3 yrs. exp. in job offered or 3 yrs. exp. in SW developmt. Must have developmt. exp. 
w/element/network management SW for telecom industry. Must have exp. develop'g SW applications using Java and/or 
C/C++. 40 hrs/wk; Sal: $92,833/yr. Send 2 copies of resume to: Case #200201691, Labor Exchange Office, 19 Staniford 
St 1st Fl, Boston MA 02114. 

Sr. SW Engr.- As a member of Tech. Srvcs. SW developmt. team, ensure integrity of design, developmt., implementation & 
testing of communications SW for co.'s cutting-edge telecom products. Resolve complex problems caused by anomalies in 
telecom SW or network sub-systems. Reproduce problems in lab. Isolate SW problems in affected module(s). Develop 
interim solu'ns to problems. Assess ways to enhance product reliability & serviceability. Recommend process improvements 
to enhance srvc. delivery/offerings. Work closely w/ sustain’g engrs. to find root cause analysis of reported anomalies. Must 
have B.S. in Comp. Sci./Engr’g, Electronics Eng'g or equiv. + 5 yrs. exp. in job offered or 5 yrs. exp. w/ SW developmt. for 
Telecom Industry. (5 yrs. exp. must be progressively responsible post-grad exp.) Must have in-depth knowledge of telecom 
protocols (i.e. ISDN, PRI, SS7, TCP/IP) & scripting languages (i.e. TCL/Expect,UNIX shell programming & PERL as well as 
C/C++). Must have exp. diagnos'g & solv'g complex problems in telecom/data networks. 40 hrs/wk; Salary: $92,833/yr. 
Send 2 copies of resume to: Case #200201704, Labor Exchange Office, 19 Staniford St 1st Fl, Boston MA 02114 


Sr. SW Engr.- Develop, integrate, maintain & test complex communication protocols including, but not limited to: Sigtran, 
SS7/CCS7 & ISDN. Participate in design & code reviews of new SW & modifica'ns to exist'g SW. Develop, maintain & test 
telecom applications & system SW responsible for configuring & controlling the system, internal communication between SW 
entities, fault tolerant & redundant operation of SW. Analyze & document computerized telecom system SW reqs., function- 
al specs., architectural specs. & design specs. Must have M.S. in Comp. Sci./Eng'g, Electrical/Electronics or equiv., + 2 yrs. 
exp. in job offered or 2 yrs. exp. w/telecom SW development. (Exp. may be gained before or after M.S.). In the alternative, 
employer will accept Bachelor's degree + 5 yrs. of progressively responsible post-grad SW developmt. exp., including 2 yrs. 
telecom SW developmt exp. Must have proficiency in C programming, as well as knowledge of telecom protocols. 40 hrs/wk; 
Sal: $92,833/yr. Send 2 copies of resume to: Case #200201706, 2002 Labor Exchange Office, 19 Staniford St 1st Fl, Boston 
MA 02114 


Business Analyst for NYC IT co to
research & analyze mktg & fin’l
condns incl accts & target clients
& eval alternatives to improve &
expand scope of current operations
& present recommendations.
Analyze current fin’l strategies
& present alternative methods
of improving fin'l condition.
Analyze svcs & operations & rec-
to increase efficiency. Analyze
industry conditions, rules & regs.
Utilize d/base & spreadsheet
s/ware to prep reports. Dvlp &
integrate new mgmt systems &
conduct research. Bach/equiv in
Bus Admin & 2 yrs exp. Will
accept 3-yr college in specified
fields & 2½ yrs in job offd. Systec
Int, Inc, 350 5th Ave, Ste 7812,
NY, NY 10018, fax (212) 290-
2889, systec@systecusa.com


IT PROFESSIONAL
www.maximaconsulting.com has
immediate openings for Software
Engineers and Analyst/Programmers
for assignments in Boston/
North East with the following skills:
INTERNET COMPUTING
JAVA Design & Architecture
JAVA/SWING/EJB's
ACTUATE/eTOOLS
ASP.NET
PM/Business Analysts
CLIENT/SERVER
UNIX/C++/PERL/SQL
Oracle Financials
Oracle/Sybase DBA’s
UNIX Admin./NT Admin.
VC++/VB/COM/DCOM
Data Warehouse Specialists
Consulting, Inc
27 Water Street
Wakefield, MA 01880-3038
Careers@maximaconsulting.com
(781) 246-9500


Software Engineer II: For co.
specializing in mktg & mnfg of
computer software, write/modify
applications, programs &
modules from design specs;
test, maintain, debug, update &
help establish quality assurance
plans. Req: BS or equiv,
in Comp Sci, Comp & Info Sci
or related field. 1 yr exp in job
grammer. Exp must incl object-
oriented analysis & design &
RDBMS design; may be gained
in Visu
Java, JDBC, MS SQL server,
ORACLE, JSP, HTML &
DHTML. 40 hrs/wk. Send res.
to Computerworld, Ref #3540,
500 Old Connecticut Path,
Framingham, MA 01701.

Application Analysts & 
Developers, OH & VA. Soft- 
ware (Reynolds DMS & 
Automark products) apps 
design & development using 
Visual InterDev, BTW (Bran- 
ded Flow Technology) VB, 
VC++, Businessware, SQL 
Server 2000 & ASP/IIS 5.0 
Req. BS in comp sci, engg, 
or related field & 1-2 yr exp 
in programming, develop- 
ing, or analysis. Resumes 
to: K. Cramer, Reynolds & 
Reynolds, POB 2608, 
Dayton OH 45401. 


COMPUTERS 


Radiant Soft Sol, inc., a S/ware 
Consulting Comp., seeks to fill 
the following Multiple Openings 
in Arlington Heights, IL & unan- 
ticipated locations in the US 
Sr. Software Consultants (BS + 
3 yrs exp), Business/Systems/ 
Programmer/QA Analysts (BS 
+ 2 yrs exp.), Database 
Analysts (BS + 3 yrs exp.), 
Network Analysts (BS + 2 yrs. 
exp.) and IT Managers (BS + 3 
yrs supervisory exp). Respond 
by resume to HR, 855 E. Golf 
Road, #1125, Arlington 
Heights, IL 60005. 


Programmers to analyze/devel- 
op software appls using Oracle 
Apps, Oracle, PL/SQL, Dev 
2000, etc under Windows/UNIX 
OS; assist in customizing and 
migrating Oracle App; customize 
Forms/Reports using Oracle 
Application standards; docu- 
ment development process 
Require: BS or foreign equiv. in 
CS/Engg. (any branch) & 6 
months of exp. In lieu of BS, 
3 yrs of academic studies 
towards a Bachelor's degree 
plus 1 yr of exp in IT will be 
accepted. Travel involved. F/T 
position. Competitive salary. 
Resume to: HR, Quest 
America, Inc., 211 East Ontario 
Street, Suite 1800, Chicago, IL 
60611 
Position opening for IT profession- 
als with min. 2yrs industry exp. in 
(various skills combination reqd.) 
MQ Series; XML, STX 12, EDI 
MED Editor, PDK, DTS, OLAP, 
RPT, VB Script, Dream Weaver, 
GRC, AWT, Websphere, JDBC, Vi- 
sual Inter-dev Foxpro, Solaris, Un- 
ix, SQL Pre processor, C, C++, Or- 
acle Web Application Server, MTS. 
Pro * C, CSS, XSL, CEEDUMP, ES 
9000, SynSort, OAS, OEM, CVC 
SQR. Peoplesoft, People Tools 
WorkFlow, RMI, COBOL II, CICS 
DB2, IMS DB/DC, MVS, JCL, V- 
SAM, File Aid, Changeman. VB, Ja- 
va, Oracle, SQL Server, etc. MS or 
BS or equiv (Engg. (any)) or CS or 
Bus Admin. or rel field. Travel/reloc. 
reqd. Resumes only to HR, 3i 
People, 1780 Century Circle, Ste 2. 
Atlanta, GA 30345. 


Software Engineer. Devel- 
op core back-end technolo- 
gies, primarily mod_perl de- 
velopment utilizing Perl in a 
Linux/Unix & Java environ 
Using HTML prog. on a 
SQL d/base & RDBMS sys- 
tems. Req: BS in Comp 
Sci., Comp. Eng. or related 
field. 40-hrs/wk. Job/Inter- 
view Site: W. Hollywood, 
CA. Send resume with copy 
of ad to Ticketmaster, 8181 
South 48th Street, Suite 
100, Phoenix, AZ 85044. 


New 

The new 
itcareers.com 
and 
CareersJournal.com 
combined 
jobs database 
can help you 
find one. 
Check out! 


SOFTWARE ENGINEER to 
design, implement and deploy 
systems software, application 
messaging protocols, client 
server and web based applica- 
tion software using C/C++, ASP, 
XML, Java, SQL, T-SQL, 
VBScript, JavaScript with MS 
Visual Studio, MS SQL Server 
and GNU C/C++ on Windows 
XP/2000, Windows CE and 
Linux platforms; Test application 
software using automated test 
and application profiling tools 
including JProfile and JTest on 
Windows and Linux platforms; 
Develop application software 
using OOAD and RUP method- 
ology under ISO 9001 and SEI 
CMM Level 5 quality proce- 
dures. Require: M.S. degree in 
Computer Science/Engineering 
or a closely related field with 2 
yrs of exp in the job offered 
Extensive travel on assignments 
to various client sites within the 
U.S. is required. Competitive 
salary offered. Apply by resume 
to: Sophie Mookerjie, Software 
Paradigms International, Inc 
3901 Roswell Rd, Ste. 134 
Marietta, GA 30062; Attn: Job 
SB. 


Engineer - PSA Controls Software 
wanted to work in Rochester Hills, 
MI to develop paint and sealing 
systems. Duties include software 
development, implementation, tes- 
ting and on site/in plant debug and 
runoff. Essential functions: man- 
age the development for paint and 
sealing systems, software debug 
and runoff. Work with sales, pro- 
ject management, and installation 
engineers to runoff projects. Re- 
sponsible for software specifica- 
tions, project status and technical 
information, quoting and specifying 
Projects and training new engi- 
neers. Requires a Bachelor of Sci- 
ence degree in Electrical Engin- 
eering, at least two months of 
experience as a Software Pro- 
grammer, and at least one Bach- 
elor degree level course in each of 
the following: Industrial Electronics 
II, Microprocessors; Programming. 
40 hours per week, overtime 
varies, 8:00 a.m. to 5:00 p.m 
$48,000 per year. Employer paid 
ad. Send resume to MDCD/ESA, 
P.O. Box 11170, Detroit, MI 48202 
refer to Reference No. 210681 


Computer Programmer. Duties: 
Assist w/full cycle develop. of 
voice recognition tech. system 
for telecoms. Provide analysis 
develop. & coding on a UNIX/ 
Solaris oper. system using C. 
C++ & Java. Support implem 
of new develop., test appls. & 
debug system defects & mal- 
functions. Requires: B.S. (or 
foreign equiv.) in Comp. Sci., 
Eng. or related field & 2 yrs. 
exp. in the job offered or 2 yrs 
exp. as a Prog./Analyst or 
Developer. Concurrent exp 
must incl.: 2 yrs. exp. w/full 
cycle develop. of systems for 
telecoms & 2 yrs. exp. using 
Java. Send resume (no calls) 
to: Marcy Baldwin, CTG, Inc., 3 
Neptune Dr., Ste. Q17, Pough- 
keepsie, NY 12601-5571 


Computer Professional (Multiple 


JAVA, Power Builder. 
Visual Basic, Oracle, Developer 
2000, Sybase, Windows, Unix 
Admin, People Soft, SQL Server, 
SAP, Oracle Financials, Cobol 
Db2, Cics, MVS, JCL, AS/400 
Lucrative compensation. Please 
E-mail your Resumes to the fol- 
lowing address 
INFO@ADVANSOFTUSA.COM 


Attn. HR Department 
AdvanSoft Worldwide, Inc 
415 W. Golf Road, 

Suite #15 
Arlington Heights, IL 60005 
Visit 
WWW.ADVANSOFTUSA.COM 
For More Details 
Infinite Computing Systems, a 
Cedar Rapids company is seek- 
ing qualified computer profes- 
sionals. Current positions avail- 
able must meet the following 
requirements. All positions 
require at least a Bach degree 
(foreign Bach degrees are 
acceptable) We may have 
additional positions available in 
addition to the ones listed 
Multiple positions are likely 
available Candidate's salary 
relative to experience/skills 
Candidates must be willing to 
relocate and travel as needed 


2 yrs exp 

- Expeditor, IDMS, DB2 
COBOL, QMF 

- CRM (e.g. SAP, Peoplesoft) 
Java, HTML, Weblogic or 
Websphere 

- VB, Java, SQL, ASP, .net, 
SQL Server, IIS 

- VB, Developer 2000, SQL 
Oracle Apps (functional, 
Technical) 

- Easytrieve, QMF, MF-Cobol 
CICS, SAS, TSO/SPF 

- C, C++, GUI, SQL, Oracle or 
Sybase or Informix 


Send resume and cover letter 
Raj Inani, President, Infinite 
Computing Systems, Inc., 230 
2nd Street - Ste 214, Cedar 
Rapids, IA 52401 


Director of Product Marketing 


Changing the world may take 
longer than you thought. But 
changing the world of business is 
definitely do-able. As the world’s 
leading supplier of business solu- 
tions, SAP has been changing 
the way businesses run for the 
past 30 years. And we aren't plan- 
ning on stopping anytime soon. 
We're looking to give the brightest 
minds in the industry the opportu- 
nities, freedom, and stimulation 
that only a world leader like SAP 
can provide 


For immediate consideration 
please visit www.sap.com/usa. 
employ, go to the Employment 
Opportunity section and search 
for Job ID #2513. We offer an 
excellent benefits package. EOE 


SENIOR PROGRAMMER/ANA- 
LYST to analyze, design, devel- 
op, test, implement and maintain 
GIS applications using VB, ODL, 
Perl, Microstation, MDL, C, C++, 
Java, FRAMME, Web View, Field 
View, Geo-Media, Oracle, PL/ 
SQL, VC++, ASP, IIS, VBScript, 
HTML and SQL Server under 
Windows NT and UNIX operating 
systems. Require: B.S. degree in 
Computer Science, an Engineer- 
ing discipline, or a closely relat- 
ed field with 2 yrs. of exp. in the 
job offered. Extensive travel on 
assignment to various client sites 
within the U.S. is required. Com- 
petitive salary offered. Send res- 
ume to: Murli N. Reddy, Charter 
Global Inc., 5445 Triangle Pkwy., 
Ste. 190, Norcross, GA 30092 
Attn: Job VV. 


Sr. Software Engineer: Design, 
development, enhancement and 
implementation of customized 
computer software in a peer-to- 
peer and client/server environ- 
ment utilizing Riposte technology 
This will include 3-tier Web-based 
applications on a distributed mes- 
saging system and architecting of 
databases with an emphasis on 
minimizing bandwidth require- 
ments. Will serve as Technical 
Manager. Must have Masters or 
equivalent in Computer Science. 
Engineering or related. Must have 
3 yrs exp. in job offered or 3 yrs 
exp. in database development 
Experience must include Riposte 
technology. Salary: $102,500/yr. 
Hrs: 9:00am-5:00pm, 40/wk 
Please send 2 copies of resume 
to: Case #200202089, Labor 
Exchange Office, 19 Staniford St 

1st Fl., Boston, MA 02114 


Business Process Analyst. Work 
Sched 9:00AM-5:00PM 40 hrs/wk 
$84,000.00 P/A. Evaluate, analyze. 
develop & support corporate Com- 
munications & Information Net- 
work, for all corporate facilities 
(vehicle assembly plants & compo- 
nent mfg plants) in NA (U.S., 
Canada & Mexico) & Germany. 
Serve as a lead web developer for 
corporate internet & Intranet. Act as 
a liaison between development 
teams in the U.S. & Germany 
mplement global web projec 
Evaluate, define software testing 
methods, redesign infrastructure & 
process, & an. e systems using 
Unix-based systems, Oracle, & 
Universal DataBase database man- 
agement system using object ori- 
ented methodologies, & design 
install client server systems using 
Java. Analyze, design, implement 
deploy & support of client server 
applications networks 
Novell, Unix, & 
systems at corporate lev 
multiple application development 
including WebSphere, Visual 
Age for Java. DB, PVCS & oth- 
ers to develop 3-tiered web appli 
cations. Work in technical on- 
ment including Unix, SUN Solaris & 
Windows NT. Improve all aspects of 
internet/intranet applications as 
well as underlying business pro- 
cesses. Design & implement porta 
infrastructure for e-business plat- 
form using Netscape & IBM tech- 
nologies. Bachelor (or equivalent 
Computer Science &/or Computer 
Engineering. One yr. exp. in Job or 
Related Occupation of Programmer 
Analyst. One yr. of Related Occu- 
pation exp. must include using mul- 
tiple applica! development tools 
including WebSphere, Visual Age 
for Java, & UDB, to develop 3 
tiered web applications, which may 
be concurrent with Related O 
pation exp. Em 
Send resume to MDCD, PO Box 
11170 Detroit M 
Ref. #211383 


ent and 
support work for Oracle-based 
financial applications, incl. Oracle 
Financials & Time Billing. Specific 
dui systems analysis, design 
& testing: software development 
preparation of systems & user 
documentation; development of 
system designs, production sup- 
port of installed applications (e.g 
troubleshooting); development of 
efficient and effective software 
solutions; contribution to opera- 
tional processes by analyzing 
and suggesting improvements in 
development approach, method- 
ology & documentation. Must use 
Oracle SQL, UNIX, PL/SQL. Min 
reqs: Bachelor's degree in Comp 
Sci., Engineering, related field, + 
2 yrs exp. in position offered or 2 
yrs exp. in software engineering, 
programming, or relevant field 
Must also have knowledge of 
Oracle SQL (Reporter 2.5, Forms 
4.5 or higher) PL/SQL, UNIX 
plus exp. in structural systems life 
cycle methodology, developing 
extensions to Oracle Applications 
10.7. Must have unrestricted 
authorization to work in U.S. M-F. 
8:30 AM-5:30 PM, 40+ hrs/wk. 
Salary: $75,000-$85,000/year. 
An EOE. Send 2 copies of 
resume to Case No. 200201967 
Labor Exchange Office, 19 
Staniford St., 1st Fl., Boston, MA 
02114 


Systems Analyst: Resp. for ana- 
lyzing user requirements, proce- 
dures, & problems to design 
develop, & test application soft- 
ware to automate processing, or 
to improve existing computer 
systems. Review computer sys- 
tem capabilities & workflow. 
Req: Bachelor's degree in Comp. 
Sci, Engg, Math or Tech plus 2 
years exp. in job offered or in rel 
occupations. Exp. must incl. 
Oracle, MFC, VC++ & Topend 
40 hrs./wk. Please apply through 
resumes only to HR Dept 
Capricorn Systems inc., 3569 
Haversham at Northlake, Bldg K, 
Tucker, GA 30084 
Lack of Licensing Revives 
Criticism of Settlement 


Microsoft’s terms draw concern 


PATRICK THIBODEAU 
WASHINGTON 
A KEY PROVISION of
the U.S. settlement
with Microsoft
Corp., the licensing of
server interoperability protocols,
has attracted scant interest
from vendors.
And that has brought
renewed criticism of
the settlement, which
was announced nearly
two years ago.
Only four companies have
received licenses under the
settlement, including two major
storage vendors, according to
a report released last week by
the U.S. Department of Justice
(DOJ) assessing the settlement.
The administration and 
states that backed the settle- 
ment criticized li- 


Continued from page 
Contracts 


while a Government Services 
Administration review is under 
way, according to published 
reports. 

David Drabkin, deputy associate 
administrator for acquisition 
policy at the GSA, acknowledged 
that his office is 
working on a formal request 
from the inspector general to 
determine whether MCI 
should be suspended or debarred 
[QuickLink 39203]. 

“In this case, the recommen- 
dation that came from our [in- 
spector general] wasn’t ac- 
companied any in-depth in- 
vestigative work showing 
what the processes were that 
failed the company and that 
possibly led them not being 


censing terms the report. 
But two of the companies 
that acquired licenses, EMC 
Corp. in Hopkinton, Mass., 
and Network Appliance Inc. in 
Sunnyvale, Calif., said the licenses 
will be used to assure 
corporate customers that their 
storage products won't be 
hindered by 
interoperability 
problems with Microsoft 
products. 
“We see highly benefi- 
cial,” said Mike O’Neill, senior 
director for strategic alliances 
Network Appliance. “It be- 
comes very valuable cus- 
tomer know that the solu- 
tion that they are investing 
... has pretty lengthy half- 
life it,” said. 
The protocols will be used in 
network-attached storage 
(NAS) products, special-purpose 
file servers that sit in 
front of storage arrays, interact 
with Microsoft servers and allow 
file access over a network. 

Tom Joyce, senior director of 
NAS product marketing at 
EMC, said the license means 
that if Microsoft changes technology 
direction, 
sync with them.” Without the 
license, EMC would have to 
reverse-engineer the protocols. 

Steve Kenniston, an analyst at 
Enterprise Storage Group 
Inc. in Milford, Mass., said, 
“The fear has always been that 
matter what you did, Microsoft 
could change the rules 
you.” 

But the royalties, rates and 
other terms that Microsoft set 
for the licenses have raised 
government concern. According 
to the DOJ report, “further 
steps may need taken” 
on the licensing terms, includ- 
THEN: states, later joined 
the Clinton administration, 
Microsoft 1998, charg- 
ing the company with antitrust 
violations. 

Massachusetts the 
only state still pursuing ap- 
peal U.S. District Judge 
Colleen ruling 
that the Bush administration- 
backed settlement was the 
public interest. West Virginia, 
the other holdout, settled June. 
NEXT: The U.S. Court Ap- 
peals will hold hearing Nov. 
Massachusetts’ appeal. 


ing possible new court orders. 
A hearing is set for July 24. 
The two other companies 
receiving licenses are VeriSign 
Inc. in Mountain View, Calif., 
which plans to use the protocols 
in its security work, and media 
developer Starbak Communications 
Inc. in Waltham, Mass. 
Microsoft spokesman Jim 


said the company is 
working with the government 
on the licensing terms and 


presently responsible,” said 
Drabkin. “We have get lit- 
tle more information before 
decide.” 

The ramifications of debarment 
could be enormous for 
government agencies. MCI remains 
a critical federal contractor, 
holding either prime 
wide range contracts, including 
vital U.S. Department of 
Defense programs. 


Major Disruption 
GSA General Counsel Raymond 
McKenna stated that 
any shift away from MCI 
would disrupt telecommunications 
services for a broad 
swath of federal agencies, including 
military, law enforcement 
and homeland security 
organizations. 
“Long-distance voice ser- 


vice the Pentagon, the 
Trilogy data network, 
the National Weather Ser- 
vice’s Weather Net, the Social 
Security Administration’s na- 
tional voice and data networks 
and the Centers for Medicare 
and Medicaid Service’s Medi- 
care/Medicaid Hotline could 
jeopardized,” wrote Mc- 
Kenna. 

Also, prices remain 
the best choice for the government, 
McKenna said, adding 
that agencies would likely 
have to bear “multimillion-dollar 
expenses” to switch to 
other carriers. 

Vance Hitch, CIO of the U.S. 
Department of Justice, acknowledged 
that suspension or 
debarment could disrupt 
services and introduce new 
expenses, especially for the 
FBI’s Trilogy program, a 
$400 million network effort 
started in March. 

“The FBI has just gone 
through very aggressive and 
high-risk effort get Trilogy 
place and stable,” said. 
would very disruptive 
have back off that and 
change.” 

A spokesman for the Defense 
Information Systems 
Agency (DISA), the Defense 
Department's telecommunications 
and network management 
agency, said a thorough 
review of all MCI contracts is 
now under way, and officials 
are evaluating alternative service 
providers to minimize the 
impact if MCI is debarred. 

The DISA spokesman noted 
that some existing contracts, 
particularly those related to 
national security, may remain 
in effect after any suspension 
or debarment. 

Ken Smalling, spokesman 


is open to additional changes. 

“We welcome government 
feedback, and hopefully, 
through constructive proc- 
ess, can make refinements 
and adjustments the pro- 
gram,” said. 

But Microsoft critics, including 
trade groups representing 
the company’s rivals, 
say the paucity of companies 
acquiring licenses affirms 
their earlier complaints. 

The “settlement meaningless,” 
said Edward Black, president 
of the Computer & Communications 
Industry Association 
in Washington, who said 
the agreement gave Microsoft 
too much power to set licensing 
terms and conditions. 

But Hilliard Sterling, an 
antitrust expert at Much Shelist 
Freed Denenberg Ament & 
Rubenstein in Chicago, 
said the licensing outcome 
“may indicative the absence 
any real need.” 


COURT COVERAGE 


To gain access to all stories on the Micro- 
soft antitrust case, visit our Web site: 
for Electronic Data Systems 
Corp., which relies on MCI for 
wide-area network services 
for its $6.9 billion Navy/Marine 
Corps Intranet 
contract, said Plano, Texas-based 
EDS has the relationships 
in place to switch to alternative 
service providers if 
necessary. He added that so 
far, MCI has met or exceeded 
service requirements under 
the N/MCI contract [QuickLink 
39264]. 

Morton Bahr, president of 
the Washington-based Communications 
Workers of America, 
which supports debarment 
of MCI, said the government 
has plenty of viable alternatives. 
“Clearly, both AT&T and 
Sprint, with national networks 
that equal and surpass that 
MCI, [would] have problem 
handling all available busi- 
ness,” said Bahr. 
FRANK HAYES FRANKLY SPEAKING 


Open for Business 


HAT, WHAT, has happened these open- 
source people? last week’s O’Reilly Open 
Source Convention Portland, Ore., didn’t hear 
lot about the philosophy and politics “the 
movement.” didn’t hear bitter fights over which 
open-source license best, endless fretting about the confusion 
over what the free free software means free beer? Free 


ride? Free not jail? 


What I did hear a lot about was business. 


And not just the business selling Linux 
operating systems, selling hardware bundled 
with MySQL databases, selling services in- 
stall and maintain Apache Web servers and Perl 
scripts. No, these open-source people were talk- 
ing about the kind business issues that mat- 
ter corporate IT: how cost-justify projects, 
how stay connected with user needs, how 
company can innovate using free software 
not just profit selling it. 

here was book publisher Tim 
sponsor the conference, talking about para- 
digm shift business models, which “open- 
source application” doesn’t just mean Open- 
Office but also refers Google and Yahoo and 
Amazon.com companies running open- 
source software but using some very pro- 
prietary ways. 

And over there was Ward Cunningham, one 
the creators the extreme programming ap- 
proach software development, talking about 
Fit, open-source testing tool designed link 
managers, developers and business users while 
applications are being developed. 

Wait managers? Business models? Since 
when does the unstructured, unbusinesslike 
open-source world worry about this stuff? And 
and Cunningham 
alone the program was full 
presentations open-source busi- 
ness models that matter corpo- 
rate IT, not just Red Hat wannabes, 
and open-source software and 
techniques that apply directly 
what corporate shops do. 

What happened all the anti- 
capitalist, anticorporate rhetoric 


Now the action lies doing business with 
open-source. 

That means staying focused the fact that 
you get your business advantage from your 
data, not your applications. And the fact that 
business conditions change constantly, your 
software has keep changing will fall out 
sync. And the fact that real enterprise soft- 
ware depends the people who use much 
those people depend the software. 

Yeah, that’s all stuff they were discussing 
Portland. long way from debates about poli- 
tics, isn’t it? 

wonder every big software vendor play- 
ing open-source card. Open-source more 
focused for doing business than those 
other vendors are. fact, it’s more focused 
that challenge than many corporate people. 

And today, that makes open-source real 
threat the status quo for both vendors and 
shops. It’s one thing change the way software 
built and distributed. It’s far more radical 
change the way used business. 

All which should wake-up call for cor- 
porate IT. Paying close attention open- 
source longer optional. You don’t have 
buy open-source philosophy politics even 

products. But open-source really 
where the interesting thinking 
about and business being 
done, you need stay top it. 
pay attention open-source. 
Track it. you spot good idea, 
steal adapt repurpose it. 
Let the open-source crowd the 
heavy lifting; you can cherry-pick 
whatever most innovative in- 
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PCs are randomly dropping off the network, and this 
big contractor about lose the contract because 
it. last-ditch effort, consultant pilot fish called in, 
and finds the problem: network switch knows 
from experience flaky. But why didn’t the contrac- 
staff spot it? “When they were testing, they used 
sniffer and had replace that switch with 
hub they could monitor both sides simultaneously,” 
sighs fish. they put back before they left.” 


Stuck 
User tells sup- 
port pilot fish 


key off her lap- 

top. She replaced it, but 
now won’t work. the 
key loose? fish asks. 
now,” user replies. 
What you mean, not 
now? fish asks. “it was 
loose, but fixed it,” user 


says. used super glue.” 


Stripped 

Layoffs are coming, 
this insurance compa- 
managers rank all 


employees for future ter- 


mination. “To maintain 
secrecy, they shredded 


the printed spreadsheets 


with the ratings,” says 
pilot fish there. “Unfor- 
tunately, the spread- 
sheets were printed 
landscape mode, the 


shredder blades separat- 


each employee and 
rating, name, his 
own strip paper. After 
the recycling bin, knew 


each rating all 


126 them.” 


Stymied 

After top management 
lays off every program- 
mer the department 
except him, overworked 
pilot fish takes vaca- 
tion day. When re- 
turns, finds out his 
manager hot water 
with the boss. The com- 


SHARK 


plaint? Fish 
groans, “They 
said she wasn’t 
providing ade- 
quate pro- 

gramming coverage for 

the department.” 


Shrunk 

Pilot fish notices that 

the nearly finished new 

computer room uses the 
door from the old 
glass house. The equip- 

ment racks are fish 
says how will get 

them in? “Roll them from 
the old room into the 
new one,” says contrac- 
tor. But the new room 

has 8-inch raised 
floor, fish points out. 

“The design was quickly 
modified,” says, “to 


Stopped 

the late 1960s, and 
this pilot fish discovers 
the hard way that 

anyone hits the main- 

stop button, the 
Start button 
restart it; has 

completely 

Luckily, vendor engi- 

neer and his boss are 

visiting, and fish 

scribes the problem. 

“Impossible,” engineer 
says. “Let show 

you.” Says fish, still 

remember and his 

boss yelling ‘No!’ 

reached out and hit the 
stop button.” 


FEED THE SHARK! Send your true tale life 

You snag snazzy 
Shark shirt use it. And check out the daily feed, browse 
the Sharkives and sign for Shark Tank home delivery 
computerworld.com/sharky. 


FRANK HAYES, Computer- 
world’s senior news colum- 
nist, has covered for more 
than years. Contact him 
frank_hayes@computerworld.com. 


that used make the free-software 
crowd easy for corporate 
people dismiss? Oh, it’s still 
around. It’s just not where the 
action anymore. 


teresting useful you. 

years, you could wondering 
what, what, has happened 
your shop. 
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